Another day, another data leak.
This time, it comes courtesy of a popular development platform called Power Apps. This Microsoft web tool allows organizations to quickly create web apps and has an abundance of tools for public facing websites and back-end data management. In spite of the tool's usefulness, it comes with its dangers: incorrectly configuring the product can leave huge segments of private data visible to the public.
Cybersecurity firm UpGuard recently discovered that as many as 47 entities have misconfigured their Power Apps in a way that left data exposed. Those with data breaches included several large companies, government entities, and even Microsoft itself. Some very large entities like the states of Maryland and Indiana's governments are included in this data breach.
According to researchers at UpGuard, the leaked data includes plenty of sensitive information, including “personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.”
Microsoft's leaks include a collection of 332,000 email addresses and employee IDs that are used for payroll purposes. Due to UpGuard's report, Microsoft shifted its permissions and adjusted PowerApps to make it more secure to use. Hopefully, this fixes the issue and clears up this particular breach.
Have you been personally affected by a data breach before?