38 million records exposed, Microsoft Power Apps blamed
Social security numbers, vaccination statuses, and other sensitive pieces of data were left publicly accessible.
What you need to know
- The default settings of Microsoft's Power Apps were blamed for 38 million records being exposed.
- Leaked data includes Social Security numbers, COVID-19 vaccination statuses, and other pieces of sensitive information.
- Microsoft has since changed its default settings for Power Apps.
Thousands of web apps left sensitive data exposed online due to misconfigured settings for Microsoft Power Apps. Thirty-eight million records appeared online, including social security numbers, COVID-19 vaccination statuses, home addresses, and phone numbers. American Airlines, J.B. Hunt, Microsoft, and several government bodies are among the affected organizations. UpGuard notified 47 entities regarding the data exposure and reached out to Microsoft about it as well (via WIRED).
The data leaks came as a result of organizations using Microsoft's Power Apps. These can be used to create websites and to manage data, but if misconfigured can result in security risks. Power Apps can be used to manage data that organizations would like to have public, such as the locations of vaccination centers, as well as data that should remain private, such as Social Security numbers. The default settings for Power Apps left data publicly accessible until a recent change from Microsoft.
While Microsoft's service listed the implications of these settings, they were not made clear, according to UpGuard:
Microsoft has since enabled table permissions by default. The company has also provided a tool to help Power Apps users diagnose the security of their portals.
Upguard summarizes its thoughts and findings, which spreads blame across multiple parties:
Upguard also states that "Microsoft has done the best thing they can" by switching to enable table permissions by default and providing a diagnostic tool for users.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.