cypher-market-online

Oops, Microsoft left 38TB of sensitive data exposed for 3 years including internal Teams chats

By Dr. Evelyn Reed | November 18, 2025 | 7 min read

Even the smartest of boffins can trip up sometimes, and that's exactly what happened after a member of Microsoft's AI research team accidentally exposed 38TB of sensitive internal data after misconfiguring a link.

Wiz, a cloud security company that routinely looks for vulnerabilities or exposures of cloud-hosted data detailed the exposure on its blog (via ITWire). It found a GitHub repository belonging to Microsoft’s AI research division, hosting open-source code and AI models for image recognition. But that's not all Wiz found.

A configuration error allowed anyone access the entire storage account, and this data included two complete PC backups belonging to Microsoft employees. According to Wiz, the data included "sensitive personal data, including passwords to Microsoft services, secret keys, and over 30,000 internal Microsoft Teams messages from 359 Microsoft employees."

Furthermore, the files weren't read-only. They could be rewritten or deleted at will. In fairness to Microsoft riches777 — and the employees, access to the files wasn't completely public. Access was granted via an Azure sharing feature called a SAS token, which is a shareable link, but in this case it granted full access. Anyone with that link, which would include users looking to access the AI source code, would have had access.

Your next upgrade

Nvidia RTX 4070 and RTX 3080 Founders Edition graphics cards

(Image credit: Future)

Best CPU for gaming: The top chips from Intel and AMD.
Best gaming motherboard: The right boards.
Best graphics card: Your perfect pixel-pusher awaits.
Best SSD for gaming: Get into the game ahead of the rest.

What's worse is that the data has been exposed since 2020. Microsoft was g2g1bet made aware of the exposure in June this year, meaning the data was available for three years.

Microsoft posted a lengthy statement on its own blog, stating "No customer data was exposed, and no other internal services were put at risk because of this issue. No customer action is required in response to this issue".

That sounds fair, but internally there is sure to be a few red faces and breathless IT personnel running this way and that to change PG SLOT passwords and keys that were exposed. Just in case.

Kids, adults, gamers, and boffins alike, it's important to configure your storage accounts correctly. You never know who might come sniffing.

Discussion (3)

CoinCatcher400

Website layout is very clean, intuitive, and easy to navigate. I can quickly find my favorite games, access promotions, and check my account details without any confusion. It’s a pleasure to use.

CoinDropper230

The bonuses are nice and offer great value, although they could be a bit more frequent. I love being part of the VIP program, which gives me extra rewards and makes me feel appreciated as a loyal player.

BetKing688

Some games take a while to load on mobile, but once they start, the gameplay is smooth and exciting. I hope future updates improve mobile performance, but I still enjoy playing several hours a day.

Recommended Reading

From Girly Idol Group To Hit Nintendo Game

Prolific Japanese music producer Mitsuo Terada (aka “Tsunku”) is best [[link]] known for producing idol J poppppp group Morning Musume and helping to launch the career of singers like Aya Matsuura. He also cre...

Game Sales Up 17% In The UK

Music sales are down, movie takings are down, consumer spending is down…lucky for British retail, then, that game [[link]] sales are on the up! In fact, they’re so up that it’s making everything else look good...

GOG.com Goes Postal

CD Projekt’s DRM-free classic [[link]] PC game service GOG.com ditches class in favor of crass with the addition of Running With Scissors infamous Postal series. The folks at GOG have been quite busy since we ...