Overview
Severity: CRITICAL | Affected: Microsoft Azure AI | Category: breach
Microsoft has confirmed a significant data breach affecting its Azure AI Services platform. A misconfigured cloud storage container inadvertently exposed terabytes of customer data used for fine-tuning proprietary large language models. The exposed data includes source code, internal business documents, financial records, and personally identifiable information (PII) that customers had uploaded to customize models for their specific use cases. The breach was discovered by a third-party security researcher who alerted Microsoft. According to the company's incident report, the data was accessible for approximately 90 days before the issue was remediated. The incident highlights the critical risks associated with MLOps supply chains and the need for stringent access controls and automated configuration checks for cloud resources handling sensitive training data. Microsoft is currently notifying all affected customers and providing credit monitoring services.