SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Microsoft Power Apps Misconfiguration Exposes 38 Million Data Records
Date    Tuesday August 24, @01:41PM
Author    janrinok
https://soylentnews.org/article.pl?sid=21/08/24/0911258

fliptop writes:

UpGuard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access. From ZDNet:

Sensitive data including COVID-19 vaccination statuses, social security numbers and email addresses have been exposed due to weak default configurations for Microsoft Power Apps, according to UpGuard.

[...] The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. UpGuard first discovered the issue involving the OData API for a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft June 24.

According to UpGuard, the primary issue is that all data types were public when some data like personal identifying information should have been private. Misconfiguration led to some private data being surfaced.

The Washington Times adds:

Power Apps is a development platform that makes it easy to create web or mobile apps for external use.

If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend.

'We found one of these that was misconfigured to expose data and we thought, we've never heard of this, is this a one-off thing or is this a systemic issue?' said Greg Pollock, UpGuard's vice president of cyber research.

[...] 'And we discovered there are tons of these exposed. It was wild.'

Also at Yahoo News


Original Submission

Links

  1. "fliptop" - https://soylentnews.org/~fliptop/
  2. "UpGuard Research disclosed multiple data leaks" - https://www.upguard.com/breaches/power-apps
  3. "ZDNet" - https://www.zdnet.com/article/microsoft-power-apps-misconfiguration-exposes-38-million-data-records/
  4. "The Washington Times adds:" - https://www.thewashingtontime.com/massive-microsoft-power-apps-data-breach-exposes-personal-details-of-38-million-people/
  5. "Yahoo News" - https://www.yahoo.com/entertainment/microsoft-power-apps-data-exposed-report-covid-19-api-configuration-165453736.html
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=50844
