Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Submission Preview

Link to Story

Microsoft Power Apps Misconfiguration Exposes 38 Million Data Records

Accepted submission by fliptop at 2021-08-23 22:09:14

Upguard Research disclosed multiple data leaks [] exposing 38 million data records via Microsoft Power Apps portals configured to allow public access. From ZDNet []:

Sensitive data including COVID-19 vaccination statuses, social security numbers and email addresses have been exposed due to weak default configurations for Microsoft Power Apps, according to Upguard.

[...]The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Upguard first discovered the issue involving the ODdata API for a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft June 24.

According to Upguard, the primary issue is that all data types were public when some data like personal identifying information should have been private. Misconfiguration led to some private data being surfaced.

Also at Yahoo News [] and The Washington Time []

Original Submission