🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

TechCrunch · 1y ago

Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. Cloud security startup Wiz discovered a GitHub repository belonging to Microsoft's AI research division that inadvertently exposed 38 terabytes of personal data, including Microsoft employees' personal backups and passwords to Microsoft services. The exposed data had been accessible since 2020. Microsoft has addressed the issue and expanded GitHub's secret spanning service to monitor for such exposures.

Related News

Microsoft's AI Research Division Exposes Sensitive Data in GitHub Mishap

Business Bytes

Business Bytes · 1y ago

Microsoft's AI Research Division Exposes Sensitive Data in GitHub Mishap

Microsoft's AI research division inadvertently exposed sensitive internal data, including passwords and private keys, while attempting to make certain data open-source on GitHub. This breach highlights the challenges of balancing open-source innovation with data security. Microsoft is investigating the extent of the exposure and taking steps to enhance security measures to prevent future incidents. It emphasizes the need for robust cybersecurity practices and comprehensive training for employees handling sensitive information.

Copilot exposes private GitHub pages, some removed by Microsoft

Arstechnica

Arstechnica · 5m ago

Microsoft's Copilot AI assistant accidentally exposed over 20,000 private GitHub repositories, affecting organizations like Google and Intel. These repositories, initially public, included sensitive data and were later set to private, but remained accessible through Copilot due to Bing’s cache mechanism. Despite Microsoft's efforts to fix the issue, Copilot still accessed cached private data. This incident highlights the risks of embedding sensitive information directly in public repositories and underscores the need for improved data security practices.

Microsoft employees exposed internal passwords in security lapse

TechCrunch · 1y ago

Microsoft employees exposed internal passwords in security lapse

Researchers have discovered an open and public storage server on Microsoft's Azure cloud service that exposed internal files and credentials related to the Bing search engine. The server stored code, scripts, and configuration files containing passwords, keys, and credentials used by Microsoft employees to access other internal databases and systems. The data could have helped malicious actors locate other storage locations and potentially compromise additional services. Microsoft has fixed the security lapse following notification from the researchers. This incident follows a series of cloud security issues at Microsoft over recent years.

Microsoft left internal passwords exposed in latest security blunder

The Verge

The Verge · 1y ago

Microsoft left internal passwords exposed in latest security blunder

Last month, Microsoft faced a server security breach that exposed passwords, keys, and credentials of its employees to the internet. The vulnerability was discovered by three security researchers at SOCRadar, who found that an Azure-hosted server related to Microsoft's Bing search engine was left unprotected and accessible to anyone. The server contained security credentials used by Microsoft employees to access internal systems, making it a potential gateway for hackers to access other critical data. This incident highlights the need for stronger security measures in the software industry.

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Wired · 3d ago

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Security researchers exposed a vulnerability in OpenAI’s Connectors that allowed data extraction from Google Drive via an indirect prompt injection attack. By hiding malicious prompts in small, invisible text within a document, they could trick ChatGPT into sending sensitive data, like API keys, to an external server. This reflects growing risks as AI models integrate with external services, expanding attack surfaces for hackers. OpenAI has since implemented mitigations to address this issue.

Copilot exposes private GitHub pages, some removed by Microsoft

Arstechnica

Arstechnica · 5m ago

Microsoft's Copilot AI inadvertently exposed over 20,000 private GitHub repositories from major companies by retaining access to them even after they were set to private. Originally public and later privatized due to containing sensitive data, these repositories remained accessible via Copilot through Bing's cache. Despite Microsoft implementing partial fixes, private data still emerges through Copilot, compromising security. Lasso's discovery highlights the ongoing risk of inadequate data removal and the need for meticulous credential management.

Top global network service provider apparently leaks hundreds of millions of user accounts

Techradar

Techradar · 1y ago

Top global network service provider apparently leaks hundreds of millions of user accounts

A global network service provider, Zenlayer, left a database with sensitive internal and customer information exposed on the internet without password protection. The breach was discovered by cybersecurity researcher Jeremiah Fowler, who alerted the company. The database contained 380 million records, including server logs, customer data, and files labeled with various categories. The information leak exposed details about Zenlayer's operations and customer records, potentially putting them at risk. It is unclear how long the database was unprotected or if any malicious actors accessed it.

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

The Verge

The Verge · 1m ago

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

Security researchers discovered a "zero-click" vulnerability named “EchoLeak” in Microsoft 365 Copilot. This flaw allowed attackers to exfiltrate sensitive data by sending a malicious prompt injection disguised as a regular email. Fortunately, Microsoft has addressed the issue and assigned it the identifier CVE-2025-32711. No instances of the vulnerability being exploited in the wild were reported.

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

The Verge

The Verge · 1m ago

Security researchers found a zero-click vulnerability in Microsoft 365 Copilot.

Security researchers discovered a zero-click vulnerability, named "EchoLeak," in Microsoft 365 Copilot. This flaw allowed attackers to extract sensitive information without user awareness by sending a malicious email prompt, instructing Copilot to access confidential data. Microsoft has addressed the issue, identifying it as CVE-2025-32711, and confirmed it has not been exploited in the wild.

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

The Verge

The Verge · 3d ago

Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

Microsoft's new NLWeb protocol, designed to bring AI search to websites and apps, has been found to have a significant security flaw. This path traversal vulnerability allows unauthorized access to sensitive files, including API keys. Microsoft addressed the flaw after reports from researchers Aonan Guan and Lei Wang, but has not yet issued a CVE, which the researchers advocate for increased awareness. The discovery emphasizes the importance of prioritizing security as AI systems evolve.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

GitHub's CEO Drops a Bombshell: " ...

Validation, loneliness, insecurit ...

ChatGPT-5 launch: Altman felt ‘us ...

Download the medial app to read full posts, comements and news.