Microsoft Azure OpenAI Service

Incidents involved as Deployer

Incident 9561 Report
Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

2025-02-28

A dataset used to train large language models allegedly contained 12,000 live API keys and authentication credentials. Some of these were reportedly still active and allowed unauthorized access. Truffle Security found these secrets in a December 2024 Common Crawl archive, which spans 250 billion web pages. The affected credentials could have been exploited for unauthorized data access, service disruptions, financial fraud, and a variety of other malicious uses.

Incident 9551 Report
Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

2024-12-19

A global cybercrime network, Storm-2139, allegedly exploited stolen credentials and developed custom tools to bypass AI safety guardrails. They reportedly generated harmful deepfake content, including nonconsensual intimate images of celebrities, and their software is reported to have disabled content moderation, hijacked AI access, and resold illicit services. Microsoft disrupted the operation and filed a lawsuit in December 2024, later identifying key members of the network in February 2025.

Microsoft Azure OpenAI Service

Incidents involved as Deployer

Incident 9561 ReportAlleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

Incidents implicated systems

Incident 9551 ReportGlobal Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

Related Entities Related EntitiesOther entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.

Related Entities

Unidentified Storm-2139 actor from Illinois

Incidents involved as both Developer and Deployer

Unidentified Storm-2139 actor from Florida

Incidents involved as both Developer and Deployer

Storm-2139

Incidents involved as both Developer and Deployer

Ricky Yuen (cg-dot)

Incidents involved as both Developer and Deployer

Phát Phùng Tấn (Asakuri)

Incidents involved as both Developer and Deployer

Arian Yadegarnia (Fiz)

Incidents involved as both Developer and Deployer

Alan Krysiak (Drago)

Incidents involved as both Developer and Deployer

Victims of deepfake abuse

Incidents Harmed By

OpenAI

Incidents involved as both Developer and Deployer

Incidents Harmed By

Microsoft

Incidents involved as both Developer and Deployer

Incidents Harmed By

celebrities

Incidents Harmed By

Azure OpenAI customers

Incidents Harmed By

AI service providers

Incidents Harmed By

Proxy and credential abuse networks

Incidents implicated systems

Generative AI platforms

Incidents implicated systems

Content moderation systems

Incidents implicated systems

Azure Abuse Enterprise

Incidents implicated systems

API authentication mechanisms

Incidents implicated systems

AI safety guardrails

Incidents implicated systems

Common Crawl

Incidents involved as both Developer and Deployer

AWS

Incidents Harmed By

Slack

Incidents Harmed By

Mailchimp

Incidents Harmed By

Google

Incidents Harmed By

Intel

Incidents Harmed By

Huawei

Incidents Harmed By

PayPal

Incidents Harmed By

IBM

Incidents Harmed By

Tencent

Incidents Harmed By

Common Crawl dataset (December 2024 archive)

Incidents implicated systems

Microsoft Copilot

Incidents implicated systems

Google Gemini

Incidents implicated systems

Anthropic Claude

Incidents implicated systems

ChatGPT

Incidents implicated systems

xAI Grok

Incidents implicated systems

DeepSeek

Incident 9561 Report
Alleged Inclusion of 12,000 Live API Keys in LLM Training Data Reportedly Poses Security Risks

Incident 9551 Report
Global Cybercrime Network Storm-2139 Allegedly Exploits AI to Generate Deepfake Content

Related Entities