Wiz found the link to the exposed data as a repository in Microsoft-owned GitHub during the cloud security vendor's regular internet scans. Shir Tamari, Wiz head of research, told TechTarget Editorial the "overly permissible token" had been publicly accessible on GitHub for the last three years, "making it possible for anyone to locate."
"A threat actor would not need deep technical expertise to gain access to this data. It could have been discovered and exploited by practically anyone," Tamari said.
In response, the Microsoft Security Response Center published a blog post Monday dedicated to the exposure. The tech giant said it addressed the issue and emphasized that no customer data was exposed, no customer action is required and "no other internal services were put at risk because of this issue."