In May, Microsoft introduced Recall, an AI feature that takes screenshots every five seconds for user convenience. However, concerns were raised about privacy and security, leading to a delayed launch and modifications. Despite these changes, Tom's Hardware testing revealed that the 'filter sensitive information' feature failed to prevent the capture of sensitive data. Specifically, Recall captured credit card numbers, social security numbers, and other personal data entered into a Notepad window and a loan application PDF, compromising users' financial information and privacy.
Source: https://www.wired.com/story/microsoft-recall-credit-card-social-security-numbers/
TPRM report: https://scoringcyber.rankiteo.com/company/microsoft
"id": "mic000121524",
"linkid": "microsoft",
"type": "Vulnerability",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'size': 'Large',
                        'type': 'Corporation'}],
 'data_breach': {'file_types_exposed': ['Notepad window', 'PDF'],
                 'personally_identifiable_information': ['credit card numbers',
                                                         'social security '
                                                         'numbers',
                                                         'other personal data'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['credit card numbers',
                                              'social security numbers',
                                              'other personal data']},
 'date_detected': 'May 2023',
 'description': 'In May, Microsoft introduced Recall, an AI that takes '
                'screenshots every five seconds for user convenience. However, '
                'concerns were raised about privacy and security, leading to '
                'delayed launch and modifications. Despite these changes, '
                "Tom's Hardware testing revealed the 'filter sensitive "
                "information' feature failed to prevent gathering sensitive "
                'data. Specifically, Recall captured credit card numbers, '
                'social security numbers, and other personal data while '
                'filling out a Notepad window and a loan application PDF, '
                "compromising users' financial information and privacy.",
 'impact': {'data_compromised': ['credit card numbers',
                                 'social security numbers',
                                 'other personal data']},
 'post_incident_analysis': {'root_causes': 'Insufficient data filtering in AI '
                                           'screenshot feature'},
 'references': [{'source': "Tom's Hardware"}],
 'title': 'Microsoft Recall AI Privacy and Security Incident',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Insufficient data filtering in AI screenshot '
                            'feature'}