Accidental Exposure of 38TB of Data by Microsoft's AI Research Team

June 22, 2023

The Microsoft AI research team unwittingly disclosed 38TB of sensitive data while publishing open-source training material on GitHub. The exposed materials included secrets, private keys, passwords, and internal Microsoft Teams messages, all due to misconfigured Azure Shared Access Signature (SAS) tokens for data sharing. This incident underscores the importance of safe and secure AI practices and the need for robust governance mechanisms like those provided by Project Cerebellum. To get involved in shaping trustworthy AI and prevent such incidents, JOIN US.

Learn more about how this incident maps to HISPI Project Cerebellum TAIM's Govern function.

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls

MEASURE 2.10 — similarity 0.676, rank 1. TAIM detail and related incidents →
MAP 4.1 — similarity 0.670, rank 2. TAIM detail and related incidents →
MAP 1.6 — similarity 0.655, rank 3. TAIM detail and related incidents →

Alleged deployer: microsoft
Alleged developer: microsoft's-ai-research-division
Alleged harmed parties: microsoft, microsoft-employees, third-parties-relying-on-the-confidentiality-of-the-exposed-data

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/571

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.