Geeks for your information News Privacy & Security News v
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,067 in 3,839 posts
Thanks Given: 6,263
Joined: 12 September 18
#1
Information  24 August 21, 18:36
Quote:For months, Microsoft’s Power Apps portals exposed personal data tied to 38 million records ranging from COVID-19 vaccination status, Social Security numbers and email addresses. Consumers most affected by what is being called a “platform issue” are those doing business with American Airlines, Ford, the Indiana Department of Health and New York City public schools.
 
Microsoft describes its Power Apps as a “suite of apps, services, and connectors, as well as a data platform, that provides a rapid development environment to build custom apps for your business needs.” The tool is used by developers to build applications that share data locally or with the cloud.
 
On Monday, UpGuard Research revealed Microsoft’s Power Apps management portal had inadvertently leaked the data of 47 businesses totaling the exposure of 38 million personal records. It asserted that Microsoft’s Power Apps platform was flawed in the way it forced customers to configure their data as private or public. Microsoft does not consider the leaky data issue a vulnerability, rather a configuration issue that can be improved on its part.
 
Besides data sets previously mentioned, researchers outlined what they found as:
 
American Airlines: A collection of 398,890 “contact” records, which included full names, job titles, phone numbers, and email addresses. A second “test” collection of data included 470,400 records, which included full names, job titles, phone numbers and email addresses.
 
Denton County, TX: A total of 632,171 records spilled included vaccination types, appointment dates and times, employee IDs, full names, email addresses, phone numbers, and birth dates. “The list ‘contactVaccinationSet’ had 400,091 records with fields for full names and vaccination types, and ‘contactset’ had 253,844 records with full names and email addresses,” researchers wrote.
 
J.B. Hunt Transport Services: The transportation logistics firm made public 905,228 records that included customer full names, email addresses, physical addresses and phone numbers. Over a quarter million of the records also included US Social Security numbers.
 
Microsoft’s own The Global Payroll Services Portal: Researchers found 332,000 records of Microsoft employees and contractors with their @microsoft.com email address, full name and phone numbers that appear to be for personal use.

Read more: Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
How to turn off App Promotions in Windo...
disable app promotio...marcojanson42 — 09:42
Microsoft Edge 125.0.2535.51
Version 125.0.2535...harlan4096 — 06:59
NoVirusThanks OSArmor 1.9.9
OSArmor v1.9.9 rel...harlan4096 — 06:00
INTEL Arc Graphics 31.0.101.5522
Highlights Gami...harlan4096 — 05:58
Malwarebytes 5.1.4.112
We have released a...Mohammad.Poorya — 21:27

[-]
Birthdays
Today's Birthdays
avatar (38)GregoryRog
Upcoming Birthdays
avatar (37)axuben
avatar (38)ihijudu
avatar (48)Mirzojap
avatar (34)idilysaju
avatar (38)odukoromu
avatar (44)Joanna4589

[-]
Online Staff
There are no staff members currently online.

>