Home > Tech

Microsoft AI team accidentally leaks 38TB of private company data

Whoops.
 By 
Matt Binder
 on 
Share on Facebook Share on Twitter Share on Flipboard
Microsoft logo on mobile device
The Microsoft AI research team inadvertently shared a link that gave visitors full permissions to 38TB of private company data. Credit: Omar Marques/SOPA Images/LightRocket via Getty Images

AI researchers at Microsoft have made a huge mistake.

According to a new report from cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data.

38 terabytes. That's a lot of data.

You May Also Like

The exposed data included full backups of two employees' computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees.

So, how did this happen? The report explains that Microsoft's AI team uploaded a bucket of training data containing open-source code and AI models for image recognition. Users who came across the Github repository were provided with a link from Azure, Microsoft's cloud storage service, in order to download the models.

One problem: The link that was provided by Microsoft's AI team gave visitors complete access to the entire Azure storage account. And not only could visitors view everything in the account, they could upload, overwrite, or delete files as well. 

Wiz says that this occurred as a result of an Azure feature called Shared Access Signature (SAS) tokens, which is "a signed URL that grants access to Azure Storage data." The SAS token could have been set up with limitations to what file or files could be accessed. However, this particular link was configured with full access.

Adding to the potential issues, according to Wiz, is that it appears that this data has been exposed since 2020.

Wiz contacted Microsoft earlier this year, on June 22, to warn them about their discovery. Two days later, Microsoft invalidated the SAS token, closing up the issue. Microsoft carried out and completed an investigation into the potential impacts in August.

Microsoft provided TechCrunch with a statement, claiming “no customer data was exposed, and no other internal services were put at risk because of this issue.”

Topics Cybersecurity Microsoft

Mashable Potato
Recommended For You
Microsoft 365 Outlook down: Microsoft breaks silence on outage
By Matt Binder
Microsoft logo
iPhone 18 leaks about Dynamic Island redesign may have been the result of mistranslation
By Matt Binder
Dynamic Island
iPhone Fold leaks, rumors, and renders: Everything we know
By Tim Marcin , Stan Schroeder , and Timothy Beck Werth
a hypothetical render of the iPhone Fold on a stylized mashable background
Researchers say they convinced Gemini to leak Google Calendar data (updated)
By Matt Binder
Google Gemini logo next to a man on a mobile device
Panera Bread breach: ShinyHunters claims hack of 14 million customers' data
By Matt Binder
Panera Bread logo on storefront
Trending on Mashable
NYT Connections hints today: Clues, answers for April 3, 2026
By Mashable Team
Connections game on a smartphone
Wordle today: Answer, hints for April 3, 2026
By Mashable Team
Wordle game on a smartphone
AirDrop on Pixel: Every Google smartphone that supports the Apple feature
By Alex Perry
Google Pixel 10 against blue background
What's new to streaming this week? (April 3, 2026)
By Belen Edwards and Kristy Puchko
A composite of images from film and TV streaming this week.
NYT Strands hints, answers for April 3, 2026
By Mashable Team
A game being played on a smartphone.
The biggest stories of the day delivered to your inbox.
These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up. See you at your inbox!