SME Times is powered by   
Search News
Just in:   • Adani Group to invest Rs 57,575 crore in Odisha  • 'Dollar Distancing' finally happening? Time for India to pitch Rupee as credible alternative: SBI Ecowrap  • 49% Indian startups now from tier 2, 3 cities: Jitendra Singh  • 'India ranks 3rd in global startup ecosystem & number of unicorns'  • LinkedIn lays off entire global events marketing team: Report 
Last updated: 18 Sep, 2023  

Microsoft.9.Thmb.jpg Microsoft fixes internal data exposure, says no customer data breach

Microsoft.9.jpg
   Top Stories
» 28 Indian startups raised over $800 mn in funding this week
» GST Council waives interest, penalty on notices to taxpayers under Section 73
» India's innovation ecosystem poised for exponential growth: Industry
» India's innovation ecosystem poised for exponential growth: Industry
» Overseas Indians faith grows in Indian economy with $1 billion deposits in April
IANS | 18 Sep, 2023
Microsoft on Monday admitted that backups of two former employees’ workstation profiles and internal Microsoft Teams messages of these two employees with their colleagues were exposed accidentally, adding that no customer data was exposed.

The admission came as cloud security startup Wiz discovered a GitHub repository belonging to Microsoft’s AI research division as part of its work into the accidental exposure of cloud-hosted data.

After identifying the exposure, Wiz reported the issue to the Microsoft Security Response Center (MSRC). 

The tech giant investigated and remediated the incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. 

“This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account. Security researchers at Wiz were then able to use this token to access information in the storage account,” said Microsoft. 

“No customer data was exposed, and no other internal services were put at risk because of this issue,” the tech giant said in a blog post.

SAS tokens provide a mechanism to restrict access and allow certain clients to connect to specified Azure Storage resources. 

In this case, a researcher at Microsoft inadvertently included this SAS token in a blob store URL while contributing to open-source AI learning models and provided the URL in a public GitHub repository. 

“There was no security issue or vulnerability within Azure Storage or the SAS token feature. Like other secrets, SAS tokens should be created and managed properly. Additionally, we are making ongoing improvements to further harden the SAS token feature and continue to evaluate the service to bolster our secure-by-default posture,” Microsoft noted.

The information that was exposed consisted of information unique to two former Microsoft employees and these former employees’ workstations. 

“Customers do not need to take any additional action to remain secure,” said the company.

 
Print the Page
Add to Favorite
 
Share this on :
 

Please comment on this story:
 
Subject :
Message:
(Maximum 1500 characters)  Characters left 1500
Your name:
 

 
  Customs Exchange Rates
Currency Import Export
US Dollar
66.20
64.50
UK Pound
87.50
84.65
Euro
78.25
75.65
Japanese Yen 58.85 56.85
As on 13 Aug, 2022
  Daily Poll
Will the Budget 2024 be MSME friendly
 Yes
 No
 Can't say
  Commented Stories
» GIC Re's revenue from obligatory cession threatened(1)
 
 
About Us  |   Advertise with Us  
  Useful Links  |   Terms and Conditions  |   Disclaimer  |   Contact Us  
Follow Us : Facebook Twitter