21CTO

Sep 20, 2023 · Information Security

How a Misconfigured Azure SAS Token Exposed 38 TB of Microsoft Data

Microsoft inadvertently exposed 38 TB of private data, including employee passwords, private keys, and over 30,000 internal Teams messages, due to a misconfigured Azure SAS token in a public GitHub repository, prompting security researchers to alert the company and prompting Microsoft to revoke the token and tighten SAS best practices.