AI researchers from Microsoft accidentally expose 38 terabytes of internal data

(Representative Image)

Microsoft's AI researchers inadvertently left the company susceptible to fraud, by accidentally exposing 38 terabytes of private, internal data that included passwords and private keys.

The flaw was with the open-source training data for the AIs that the team published on code repository, GitHub.

According to TechCrunch, that quoted research from cloud security company Wiz, the URL to download the data accidentally and publicly granted access to Microsoft's entire storage account.

The data included personal backups of Microsoft employees, personal data, passwords and private keys to internal Microsoft messages.

Wiz said that the URL was mistakenly configured to allow "full control", instead of "read-only" permissions. This meant that anyone could have potentially downloaded, modified or worse, erased the data.

It was also a breeding ground for bad actors to inject malicious code to gain access to more of Microsoft's internal systems.

"With many development teams needing to manipulate massive amounts of data, share it with their peers or collaborate on public open source projects, cases like Microsoft’s are increasingly hard to monitor and avoid," Wiz co-founder and CEO, Ami Luttwak told TechCrunch in an interview.

Wiz told Microsoft about the problem on June 22, and the company revoked the permissions on June 24. Microsoft said that it had conducted an internal investigation on August 16.

Microsoft also stated that "no customer data was exposed, and no other internal services were put at risk because of this issue".