Massive Microsoft Azure Database Containing Sensitive Data Discovered and Locked Down by Researchers

Researchers from cybersecurity firm Wiz have uncovered a significant Microsoft Azure cloud storage database that was left unlocked and contained sensitive information, including private keys and passwords. Fortunately, the database belonged to Microsoft’s own AI researchers, and it was secured before any unauthorized access occurred.

The discovery was made while Wiz researchers were investigating instances of accidental data exposure in cloud-hosted environments. They stumbled upon a Microsoft GitHub repository that contained open-source code for AI models designed for image recognition. These models were hosted on an Azure Storage URL, but a critical human error led to the inclusion of unauthorized data in the storage.

The exposed data amounted to a massive 38 terabytes, which included backups from the computers of two Microsoft employees, passwords for Microsoft services, and over 30,000 Teams chat messages exchanged among Microsoft staff. The researchers explained that the storage account itself couldn’t be accessed directly. Instead, Microsoft’s AI team had generated a shared access signature (SAS) token that granted excessive permissions. SAS tokens allow Azure users to create shareable links for data stored in Azure Storage accounts.

Wiz promptly notified Microsoft of their discovery on June 22, and the SAS token was revoked just two days later. Microsoft then conducted a comprehensive investigation, which took nearly three weeks to complete. The company ultimately determined that the sensitive data had not been accessed by any unauthorized third parties.

To prevent similar incidents in the future, Microsoft has expanded the capabilities of GitHub’s secret scanning service. This service now actively monitors all changes to public open-source code for exposed credentials and other sensitive information in plaintext.
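
The following Python example, added here and not taken from Wiz, Microsoft or GitHub, shows the kind of check described above: it finds Azure Storage SAS URLs in text such as a README and flags what makes a token over-permissive (write-type permissions, container or account scope, a long lifetime). The sample URLs, the 7-day limit and the function names are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Azure Storage endpoints; a URL only counts as a SAS link if it carries sig=.
STORAGE_URL_RE = re.compile(
    r"https://[a-z0-9]{3,24}\.(?:blob|file|queue|table|dfs)\.core\.windows\.net/[^\s\"'<>)]*")
RISKY_PERMS = {"w": "write", "d": "delete", "a": "add", "c": "create"}
MAX_LIFETIME = timedelta(days=7)  # assumed policy threshold, not an Azure default

def audit_sas_url(url, now):
    """Return findings for one SAS URL, or None if the URL has no signature."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in query:
        return None
    findings = []
    perms = query.get("sp", "")
    risky = [name for flag, name in RISKY_PERMS.items() if flag in perms]
    if risky:
        findings.append("grants " + "/".join(risky))
    if "srt" in query:            # srt is only present on account-level SAS
        findings.append("account-level scope")
    elif query.get("sr") == "c":  # sr=c: whole container, sr=b: single blob
        findings.append("container-wide scope")
    expiry = query.get("se")
    if expiry is None:
        findings.append("no expiry in URL")
    else:
        exp = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if exp.tzinfo is None:    # date-only values parse as naive; treat as UTC
            exp = exp.replace(tzinfo=timezone.utc)
        if exp - now > MAX_LIFETIME:
            findings.append(f"valid until {exp.date().isoformat()}, past policy limit")
    return findings

def scan_text(text, now):
    """Map every SAS URL found in text to its list of findings."""
    results = {}
    for url in STORAGE_URL_RE.findall(text):
        findings = audit_sas_url(url, now)
        if findings is not None:
            results[url] = findings
    return results

# Constructed sample input: account name, paths and signatures are placeholders.
BROAD = "https://exampleacct.blob.core.windows.net/models?sv=2020-08-04&sr=c&sp=racwdl&se=2040-01-01T00:00:00Z&sig=PLACEHOLDER"
NARROW = "https://exampleacct.blob.core.windows.net/models/weights.bin?sv=2020-08-04&sr=b&sp=r&se=2023-06-25&sig=PLACEHOLDER"
SAMPLE_README = f"Download the models from {BROAD}\nor a single file: {NARROW}\nDocs: https://exampleacct.blob.core.windows.net/public/readme.txt\n"
NOW = datetime(2023, 6, 22, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url, findings in scan_text(SAMPLE_README, NOW).items():
        print(url.split("?")[0], "->", findings or "ok")
```

A read-only, single-blob, short-lived link returns an empty findings list, while the container-wide link is flagged on all three counts.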

While this incident was resolved without a data breach, it serves as a reminder of the importance of robust security practices in cloud environments. Unsecured databases remain a common issue, and organizations must remain vigilant in protecting sensitive information to prevent potential data breaches.