Incident 571: Accidental Exposure of 38TB of Data by Microsoft's AI Research Team

Description: Microsoft's AI research team accidentally exposed 38TB of sensitive data while publishing open-source training material on GitHub. The exposure included secrets, private keys, passwords, and internal Microsoft Teams messages. The team utilized Azure's Shared Access Signature (SAS) tokens for sharing, which were misconfigured, leading to the wide exposure of data.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: Microsoft's AI Research Division developed an AI system deployed by Microsoft, which harmed Microsoft , Microsoft employees and Third parties relying on the confidentiality of the exposed data.

Incident Stats

Incident ID

571

Report Count

Incident Date

2023-06-22

Editors

Daniel Atherton

Applied Taxonomies

MIT

MIT Taxonomy Classifications

Machine-Classified

Taxonomy Details

Risk Subdomain

2.1. Compromise of privacy by obtaining, leaking or correctly inferring sensitive information

Risk Domain

Privacy & Security

Entity

Human

Timing

Post-deployment

Intent

Unintentional

Incident Reports

Reports Timeline

38TB of data accidentally exposed by Microsoft AI researchers

wiz.io

wiz.io · 2023

Microsoft’s AI research team, while publishing a bucket of open-source training data on GitHub, accidentally exposed 38 terabytes of additional private data — including a disk backup of two employees’ workstations.
The backup includes …

Variants

A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.

Seen something similar?