Larry Dignan
for Between the Lines
| August 23, 2021 — 18:46 GMT (19:46 BST)
| Topic: Security
Sensitive data including COVID-19 vaccination statuses, social security numbers and email addresses have been exposed due to weak default configurations for Microsoft Power Apps, according to Upguard.
Upguard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access.
The data leaks impacted American Airlines, Microsoft, J.B. Hunt and governments of Indiana, Maryland and New York City. Upguard first discovered the issue involving the ODdata API for a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft June 24.
According to Upguard, the primary issue is that all data types were public when some data like personal identifying information should have been private. Misconfiguration led to some private data being surfaced.
Microsoft Power Apps are low-code tools to design apps and create public and private web sites.
Security
Kaseya ransomware attack: What you need to know
Surfshark VPN review: It’s cheap, but is it good?
The best browsers for privacy
Cyber security 101: Protect your privacy
The best antivirus software and apps
The best VPNs for business and home use
The best security keys for 2FA
How victims who pay the ransom encourage more attacks (ZDNet YouTube)
Related Topics:
Security TV
Data Management
CXO
Data Centers
Larry Dignan
for Between the Lines
| August 23, 2021 — 18:46 GMT (19:46 BST)
| Topic: Security