You may have seen the TechCrunch article about Microsoft researchers accidentally exposing terabytes of sensitive internal data when providing access to some AI training data.
In summary:
This data included 38 terabytes of sensitive information, including the personal backups of two Microsoft employees’ personal computers. The data also contained other sensitive personal data, including passwords to Microsoft services, secret keys and more than 30,000 internal Microsoft Teams messages from hundreds of Microsoft employees.
The URL, which had exposed this data since 2020, was also misconfigured to allow “full control” rather than “read-only” permissions, according to Wiz, which meant anyone who knew where to look could potentially delete, replace and inject malicious content into them.
TechCrunch
Microsoft was alerted to the issue in June and had it fixed a day or so later. Investigations don’t think anything was compromised, so it ends well.
But we only know what we know. We don’t know what we don’t know ie how many compromises aren’t we even aware of…
The safest approach is to assume everything sensitive and private that we have, will at some point be exposed – likely through no fault of our own, rather through the services we use.
Just last week a local bookstore franchise in Australia alerted us to a massive hack that meant our personal details, DOB, memberships, mobile etc (no payment details though thankfully) had all been exposed. And they had confirmation it had been sold on hacker forums as well. This is just one of many that have happened lately.
With that in mind, how prepared are you?