Wednesday, August 25, 2021 by Tatiora | Discussion: Personal Computing
Another day, another data leak.
This time, it comes courtesy of a popular development platform called Power Apps. This Microsoft web tool allows organizations to quickly create web apps and has an abundance of tools for public facing websites and back-end data management. In spite of the tool's usefulness, it comes with its dangers: incorrectly configuring the product can leave huge segments of private data visible to the public.
Cybersecurity firm UpGuard recently discovered that as many as 47 entities have misconfigured their Power Apps in a way that left data exposed. Those with data breaches included several large companies, government entities, and even Microsoft itself. Some very large entities like the states of Maryland and Indiana's governments are included in this data breach.
According to researchers at UpGuard, the leaked data includes plenty of sensitive information, including “personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.”
Microsoft's leaks include a collection of 332,000 email addresses and employee IDs that are used for payroll purposes. Due to UpGuard's report, Microsoft shifted its permissions and adjusted PowerApps to make it more secure to use. Hopefully, this fixes the issue and clears up this particular breach.
Have you been personally affected by a data breach before?
Please login to comment and/or vote for this skin.
Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:
- Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
- Access to a great community, with a massive database of many, many areas of interest.
- Access to contests & subscription offers like exclusive emails.
- It's simple, and FREE!