posted by janrinok on Tuesday August 24, @01:41PM

Upguard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access. From ZDNet:

Sensitive data including COVID-19 vaccination statuses, social security numbers and email addresses have been exposed due to weak default configurations for Microsoft Power Apps, according to Upguard.

[...] The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Upguard first discovered the issue involving the OData API for a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft June 24.

According to Upguard, the primary issue is that all data types were public when some data like personal identifying information should have been private. Misconfiguration led to some private data being surfaced.

The Washington Times adds:

Power Apps is a development platform that makes it easy to create web or mobile apps for external use.

If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend.

'We found one of these that was misconfigured to expose data and we thought, we've never heard of this, is this a one-off thing or is this a systemic issue?' said Greg Pollock, UpGuard's vice president of cyber research.

[...] 'And we discovered there are tons of these exposed. It was wild.'

Also at Yahoo News


  • (Score: 4, Insightful) by Gaaark on Tuesday August 24, @02:17PM (1 child)

    by Gaaark (41) on Tuesday August 24, @02:17PM (#1170324) Journal

    From the makers of the most insecure operating system ever, for only 6 payments of first sons we bring you Microsoft Power App! Leave all your data exposed and when it is stolen, inform us so we can tell you to "f*ck off!" How's our driving today? Call 1-800-F*CK-OFF.

    What. a. surprise! I. am. surprised. i. tell. you. Surprised.

    What. am. i?

    Surprised.

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2) by FatPhil on Tuesday August 24, @03:00PM

      by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Tuesday August 24, @03:00PM (#1170343) Homepage
      It's the new feature they're trying to monetise - ILaaS, information leakage as a service. Invest now, it's going to be huge.
      --
      I know I'm God, because every time I pray to him, I find I'm talking to myself.
  • (Score: 0) by Anonymous Coward on Tuesday August 24, @02:40PM (1 child)

    by Anonymous Coward on Tuesday August 24, @02:40PM (#1170333)

    News at 11

    • (Score: 0) by Anonymous Coward on Tuesday August 24, @05:20PM

      by Anonymous Coward on Tuesday August 24, @05:20PM (#1170407)

      Washington Moonie Times? Sourced on the Front Page?

  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday August 24, @02:46PM

    by Anonymous Coward on Tuesday August 24, @02:46PM (#1170336)

    ..

  • (Score: 0) by Anonymous Coward on Tuesday August 24, @02:51PM

    by Anonymous Coward on Tuesday August 24, @02:51PM (#1170339)

    Last time they stored millions of customer service records in a container on The Cloud unsecured. Oops. Did you think those GB of logs you sent were private? Nope. Thanks Microshaft.

  • (Score: -1, Offtopic) by Anonymous Coward on Tuesday August 24, @03:07PM

    by Anonymous Coward on Tuesday August 24, @03:07PM (#1170345)

    Smartest programmer who ever lived

  • (Score: 3, Funny) by Tork on Tuesday August 24, @04:29PM

    by Tork (3914) on Tuesday August 24, @04:29PM (#1170370)

    Upguard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access.

    Heh. Some intern was installing software and didn't check "advanced".

    --
    Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩