Incident 571: Accidental Exposure of 38TB of Data by Microsoft's AI Research Team

Description: Microsoft's AI research team accidentally exposed 38TB of sensitive data while publishing open-source training material on GitHub. The exposure included secrets, private keys, passwords, and internal Microsoft Teams messages. The team utilized Azure's Shared Access Signature (SAS) tokens for sharing, which were misconfigured, leading to the wide exposure of data.

Tools

New Report New Response DiscoverView History

Entities

View all entities

Alleged: Microsoft's AI Research Division developed an AI system deployed by Microsoft, which harmed Microsoft , Microsoft employees and Third parties relying on the confidentiality of the exposed data.

Incident Stats

Incident ID

571

Report Count

Incident Date

2023-06-22

Editors

Daniel Atherton

Applied Taxonomies

MIT

MIT Taxonomy Classifications

Machine-Classified

Taxonomy Details

Risk Subdomain

2.1. Compromise of privacy by obtaining, leaking or correctly inferring sensitive information

Risk Domain

Privacy & Security

Entity

Human

Timing

Post-deployment

Intent

Unintentional

Incident Reports

Reports Timeline

38TB of data accidentally exposed by Microsoft AI researchers

wiz.io

wiz.io · 2023

Microsoft’s AI research team, while publishing a bucket of open-source training data on GitHub, accidentally exposed 38 terabytes of additional private data — including a disk backup of two employees’ workstations.
The backup includes …

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.