We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Microsoft AI Team Mistakenly Leaks 38TB of Company Data

Microsoft AI Team Mistakenly Leaks 38TB of Company Data
Author Image Husain Parvez
Husain Parvez Published on 20th September 2023 Cybersecurity Researcher

In a significant security oversight, Microsoft's AI research team inadvertently exposed 38 terabytes of the company's confidential data. The breach was discovered by cloud security startup Wiz, and occurred due to an incorrectly configured link to a bucket of training data containing open-source code and AI models for image recognition.

Users accessing this repository were provided with a link from Azure, Microsoft's cloud storage service, to download the models. However, this Azure Storage URL was misconfigured and granted access to the entire storage account, thereby exposing additional private data by mistake. According to Mashable, the exposed data included full backups of two Microsoft employees' computers, sensitive personal data, passwords to various Microsoft services, and secret keys.

Wiz's report indicates that the data might have been exposed since 2020. The exposure was attributed to an Azure feature known as Shared Access Signature (SAS) tokens, which are essentially signed URLs that grant access to Azure Storage data. While they can be configured to limit access to specific files or datasets, the link provided by the AI team was set up with full access permissions.

Upon being alerted by Wiz on June 22, 2023, Microsoft took swift action, invalidating the SAS token just two days later.

Following an internal investigation completed in August, Microsoft stated that no customer data was exposed and no other internal services were compromised due to this oversight. The company further emphasized that as a result of Wiz’s findings, it has expanded GitHub’s secret spanning service to monitor for incorrectly configured SAS tokens.

Wiz co-founder and CTO Ami Luttwak highlighted the challenges faced by tech companies in the AI domain. Speaking to TechCrunch, he mentioned, "AI unlocks huge potential for tech companies. However, as data scientists and engineers race to bring new AI solutions to production, the massive amounts of data they handle require additional security checks and safeguards. With many development teams needing to manipulate massive amounts of data, share it with their peers or collaborate on public open source projects, cases like Microsoft’s are increasingly hard to monitor and avoid.”

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.