It's not every day you stumble upon a treasure trove of secrets. But that's precisely what happened when a Microsoft researcher, probably multitasking between coding and binge-watching cat videos, shared a URL on a public GitHub repository. Little did they know, they were about to gift the world 38TB of Microsoft's deepest data secrets.

Picture this: June 2023, a Microsoft researcher innocently shares a URL on a public GitHub repository while contributing to an open-source AI model. Harmless, right? Wrong. The URL contained a "shared access signature" (SAS) token, and this wasn't your average token.

28 Years of Access

SAS tokens, designed to restrict access to Azure Storage (part of Microsoft’s cloud Cloud The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc Read this Term offering), are like the wild cards in a deck of otherwise predictable playing cards. They're flexible, and herein lies the rub. Users can customize access levels, adjust expiry times, and essentially create tokens that never expire – our star token was valid till 2051, a good 28 years from now. You can learn all about them here, courtesy of Microsoft. Perhaps read on first, though.

Now, here's where we go from mild mishap to serious problem. This particular SAS token, configured with the techy finesse of a bull in a china shop, granted access across an entire storage account. A storage account that happened to house 38TB of data, including sensitive employee information, secret keys, and internal team messages. Oops.

🚨 BREAKING: Wiz Research discovers a massive 38TB data leak by Microsoft AI researchers, including 30,000+ internal Teams messages.

Here's what you need to know 🧵 pic.twitter.com/2V8u9IekGV

— Wiz (@wiz_io) September 18, 2023

Keys to the Kingdom?

Thankfully, it wasn't all doom and gloom. The brilliant minds at Wiz.io, a cloud security firm, discovered the mishap and joined forces with Microsoft to contain the chaos. In a coordinated vulnerability disclosure report, they revealed the mishap. The silver lining? No customer data was exposed, and the incident has given Microsoft a valuable lesson. Now, releasing the inside story after the problem has been resolved and fixed, hopefully to never happen again, is common in the world of IT security – The eagle-eyed among you will have noticed that this occurred in June, but the story’s only recently been doing the rounds. However, it certainly sounds like Microsoft had to jump when Wiz.io got on the phone and no doubt there were some hasty apologies.

Microsoft acknowledged the blunder and promised to enhance its SAS token feature. They also emphasized the importance of creating and managing these tokens properly, just like guarding the keys to your kingdom.

The key takeaway from all of this is to not share your data in a public space. We can’t believe we’ve had to write that, but there you go.

For more news and amusements, be sure to follow Trending.