Microsoft, like any company currently focused on developing and marketing products and services based on artificial intelligence, he works every day with volumes of data that were unthinkable a few years ago. And of course, the greater their volume and segregation (that is, their distribution in different places), the greater the risk that some of these groups could be publicly exposed due to some security issue.

That’s the case, as the company itself revealed, in the case of a recently discovered problem that actually meant public access to private data for years. However, before we continue, an important clarification must be made, which is already included in the title of this news, namely that The data that was exposed did not come from Microsoft customersIn this case, they are employees of a technology company.

The security flaw was discovered by the cloud security company Wiz, which immediately informed Microsoft about it. This communication took place on June 22, and Redmond took the necessary measures to protect the said data, which Two days later they were no longer accessible. However, the problem arose in 2020, leaving data exposed for three years, even though there is no explicit evidence that an attacker discovered the problem and used it to access it.

The problem originated in an Azure storage container linked from a GitHub repository used by Microsoft AI researchers. This online storage resource was assigned an overly permissive Shared Access Token (SAS), which meant that anyone accessing the storage URL had full control over all data in the storage account.

Among the 38 terabytes of files exposed were, among other assets, the personal backups of two Microsoft employees who They contained passwords, secret keys and more than 30,000 internal Microsoft Teams messages. Although this potential leak does not directly affect clients, it could have compromised the work of any employees whose information was exposed, so we understand that Microsoft has taken all necessary measures to audit the potential risks involved and, of course, mitigate them.

Storage containers on cloud platforms are a very valuable resource and are commonly used in all types of development that rely on the cloud. However, over the years we have seen how to do it lack of security in their configuration can pose a great threat.