AI/ML, Data Security, DevOps

Microsoft Copilot access to thousands of since-protected GitHub repos remains


TechCrunch reports that more than 20,000 GitHub repositories belonging to Microsoft, Amazon Web Services, Google, IBM, PayPal, and over 16,000 other organizations worldwide remained accessible via Microsoft Copilot even after they were made private.

Because they were cached and indexed by the firm's Bing search engine, repositories that have since been set to private or removed have continued to show up in Microsoft Copilot, findings from Israeli cybersecurity firm Lasso revealed.

Copilot was leveraged to retrieve a now-deleted Microsoft GitHub repository hosting a tool enabling malicious artificial intelligence-based image creation, and such a weakness could also be exploited to expose GitHub archives with sensitive corporate information, access keys and tokens, and intellectual property, according to Lasso researchers, who noted that Copilot's access to the data persisted even after Microsoft deactivated the Bing caching feature.

Organizations with exposed GitHub repositories have already been notified, while AWS, which denied being impacted by the issue, has been omitted from the study.
