New Delhi. The security firm has alleged that the default settings of an app-building tool from Microsoft. The name of this tool is Power Apps. It is alleged that it has exposed the data of 38 million users online. According to the UpGuard report, the user’s data was stored in a Microsoft service which included personal information. It has been accidentally exposed online. Speaking of Power Apps tools, it allows companies to interact with the public to create websites and mobile apps. The report also said that the default software configuration setting of the service meant that the data of organizations whose data was affected was left unprotected until it was corrected. This data included name, address, financial information, Covid-19 vaccination status etc. Although data was exposed, but till the time the matter was resolved, no tampering was done with the data.
Which organizations were affected:
It is being said that 47 organizations and institutions of the US government have been affected by this data breach. These include American Airlines, Ford, JB Hunt and public agencies such as the Maryland Department of Health and New York’s public transportation system.
How did the data get exposed?
According to a report, UpGuard’s vice president of cyber research, Greg Pollock, said that the firm’s researchers began investigating a large number of Power Apps portals that publicly exposed data that should have been completely private. . It also includes some of Microsoft’s Power Apps that Microsoft made for itself in the month of May. We found one in which data was exposed due to misconfiguration and we wondered if we had ever heard of it. Is this a one time thing or is it a systematic issue? Surveying the way the Power Apps portal product works is very easy. It was only after reaching all the conclusions that we took this matter to Microsoft.
How did Microsoft fix the issue?
Microsoft said, “We take security and privacy seriously, and we encourage our customers to use best practices when configuring any product. This takes into account users’ privacy,” the company announced. Power Apps portals now default to private collection of API data and other information. The company has also released a tool that allows customers to check their portal settings.”
[Attribution to NBT]