Microsoft Tech Community

please do not ever show sensitive information as part of logins


I frequently use Azure Pipelines while streaming to hundreds of viewers on Twitch

and now they have my phone number because you showed it in plain text without warning

I am very unhappy about this

I tried to go through Azure support here: https://developercommunity.visualstudio.com/t/please-do-not-ever-show-sensitive-information-as-p/143...

and they told me to talk to technical support, so I went through technical support and they told me to post here.

sure_who_needs_privacy.png

16 Replies

@asottile 

Hello

I am not an expert on this topic, but since you confirm that you are streaming it you have been treated as a content provider and contact details can be shared!

Please explain your inquiry in more detail! 

no the fact that I stream content is unrelated -- it's just more unfortunate because I was streaming

it is a security issue to show sensitive information on screen unprompted -- most services obfuscate this information such as ***-***-**00 or such. imagine a scenario where a creepy dude is looking over one's shoulder at the library or something

@asottile 

Hello

I understand your concerns!

There are 121 Community Groups in the MTC and if you use Azure there should be an inquiry!

perhaps even in one More Group Security Compliance and Identity!

Start a discussion there because in this Group we are talking about the principles of MTC space!

I'll add links:

I've been told repeatedly this has nothing to do with Azure and that this is specifically a Microsoft login issue

I've been bounced around three times now, this is absurd

Well you explained a lot - I'm thinking about the idea for you!

Have you set up a Windows Hello sign-in method?

Are you using a local account, or do you have a synced Microsoft account with Windows? Do you have Edge as your default browser?

Of course, please do not answer these questions publicly - I want this to be a clue.

If your computer is managed by an organization, it is also a matter of Group Policy and logon methods chosen by the organization!

To maintain any security policy I suggest deleting a screenshot that contains a lot of private data you can do while editing.

it is a personal account, this has nothing to do with Windows nor organization group policies -- this is a browser login for Azure DevOps.

Well see how much you have already ruled out the reasons!

But it wasn't login just information that there is a problem with your account and I would try to find in this solution if it was a proper synchronization would not in my opinion trouble with your account and it needs repair by the user.

I have already confirmed it is not a problem with my account, this is a security issue with Microsoft's backend software (trust me, I'm a software developer, I've implemented similar systems at 3 F500 companies).

perfectly!

Please explain to me how you can help?

I am not a Microsoft employee, but I try to help you for sure the problem that you have presented is important in the MTC is 600 thousand Members can someone find a solution.

@A1 to be honest, I don't expect you to help me -- I was told to post here so that a Microsoft employee would see this and take action

@asottile 

I'm glad you're in MTC!

In fact, such reports are needed and believe me that surely Microsoft employees thanks to this discussion saw your topic!

Thank you Good luck.

Andrew 

@asottile 

Hello again!

I'm happy because Community Manager has moved your post to the right place!

You really need your statement and it's worth being here!

Andrew