Abuse and Mitigation of Misconfigured SAS Tokens
An AI research team recently made a massive mistake when they published a bucket of open-source training data on GitHub that included terabytes of additional private data. This data contained a disk backup of employees’ workstations, containing all their secrets, private keys, passwords and thousands of internal messages!
The researchers shared the files using SAS tokens, a feature from Azure Storage accounts that allows data to be shared through the system. The uninten...