Recently, reports began to emerge about a Microsoft data leak involving potentially sensitive internal information. In a September 18, 2023, report, Microsoft explains that the incident involved a Microsoft employee who inadvertently shared information needed to access internal information. Microsoft indicates that the incident only involved two employees’ workstations; however, at least one report indicates that there was some amount of personal information contained on the employees’ workstations.
If you receive a data breach notification from Microsoft, it is essential you understand what is at risk and what you can do about it. While Microsoft has explained that no customer data was released, the company did not mention whether other employee data was affected. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options. For more information, please see our recent piece on the topic here.
What Caused the Microsoft Data Leak?
The Microsoft data leak was only recently announced, and more information is expected in the near future. However, Microsoft’s recent report sheds some light on what led up to the leak. According to this source, in June 2023, a Microsoft employee shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. However, unbeknownst to the Microsoft employee, the shared URL included the SAS token for an internal storage account. Using this token, which granted broad access, cybersecurity researchers were able to access internal Microsoft information.
The leaked data consisted of 38TB of data, including the backups of Microsoft employee workstations, which contained sensitive personal information. In addition, employee credentials, secret keys and 30,000 internal Teams messages were also accessible.
Upon learning about the incident, Microsoft worked with the cybersecurity researchers to inform others in the industry about ways to prevent similar leaks in the future. However, Microsoft also notes that “No customer data was exposed, and … No customer action is required in response to this issue.”
More Information About Microsoft
Microsoft is a software and technology company based out of Redmond, Washington. Microsoft develops, licenses, and supports software products, services, and devices, including the Windows operating system, Office 365, and the Xbox video game console. Microsoft is considered one of the Big Five American information technology companies, employing more than 210,000 people and generating approximately $204 billion in annual revenue.