Microsoft under Scrutiny after 38TB Data Leaked via Azure Storage

In July 2020, a misconfigured link led to a leak of 38TB of sensitive Microsoft data.

Welcome back to another edition of Stemble, your go-to source for all things STEM. Today, we delve into a critical incident that raises concerns about data security in the age of cloud computing.

Unveiling the Azure Storage Breach: 38TB of Sensitive Microsoft Data Leaked

In a startling revelation, cloud security provider Wiz recently uncovered a security breach that dates back to July 2020. This breach exposed a staggering 38TB of sensitive Microsoft data. The incident was discovered during a routine scan for exposed storage accounts, shedding light on a massive lapse in cloud security.

The Root of the Problem: Misconfigured Link on GitHub

The breach originated from a software repository hosted on Microsoft-owned GitHub, a platform known for providing open-source code and AI models. It was determined that a Microsoft employee had inadvertently shared a URL leading to a misconfigured Azure Blob storage bucket. This bucket contained an extensive cache of leaked information, including sensitive data that should have remained confidential.

A Warning about Shared Access Signature (SAS) Tokens

Wiz's report emphasized the concerning aspect of Shared Access Signature (SAS) tokens. These tokens are commonly used in cloud storage systems like Azure for granting limited access to specific resources. However, they also carry inherent security risks. The report revealed that SAS tokens are challenging to track and manage due to the lack of a centralized method within the Azure portal. This issue, as highlighted by Wiz, calls for improved methods of safeguarding such critical access credentials.

The Exposed Data: What Was at Stake?

The leaked data contained backups of personal information belonging to Microsoft employees. This included passwords for various Microsoft services, secret keys, and an archive of over 30,000 internal messages from 359 Microsoft employees, exchanged on the Microsoft Teams platform. The magnitude of this breach cannot be overstated, as it exposed not only sensitive information but also the communication within the company.

Microsoft's Response and Reassurances

In response to the incident, the Microsoft Security Response Center (MSRC) issued an advisory. They reassured the public that no customer data had been exposed, and no other internal services were compromised as a result of this breach. Microsoft is taking the necessary steps to address the issue and ensure that such incidents do not occur again in the future.

Learning from the Incident: Enhancing Cloud Security

The exposure of this data was attributed to the use of an excessively permissive Shared Access Signature (SAS) token, which granted full control over the shared files. Wiz researchers pointed out the challenges in monitoring and revoking access associated with this Azure feature. This incident underscores the urgent need for enhanced security measures in cloud environments.

As we navigate the ever-evolving landscape of STEM, it's crucial to stay informed about data breaches like this one. Such incidents not only highlight vulnerabilities but also push the industry to innovate and strengthen its security practices.

Stay tuned for more STEM updates and insights in future editions of Stemble. Until then, keep exploring, learning, and pushing the boundaries of science, technology, engineering, and mathematics.

Thank you for being a part of the Stemble community!