Default Settings in Microsoft Tool Have Exposed 38 Mn Users’ Data

Cyber security researchers reported that a default permissions setting in Microsoft Power Apps might have exposed the data of 38 million users online.

According to security research network UpGuard, the types of data included personal information used for Covid-19 contact tracing, vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.

UpGuard notified 47 entities of exposures involving personal information, including governmental bodies like Indiana, Maryland, and New York City, and private companies like American Airlines, J.B. Hunt, and Microsoft, for a total of 38 million records across all portals.

“The number of accounts exposing sensitive information, however, indicates that the risk of this feature — the likelihood and impact of its misconfiguration — has not been adequately appreciated,” the UpGuard team said in a blog post.

Microsoft Power Apps is a product for making “low code”, cloud-hosted business intelligence apps. Power Apps portals are a way to create a public website to “give both internal and external users secure access to your data.”

Users can create websites in the Power Apps UI with application capabilities like user authentication, forms for users to enter data, data transformation logic, storage of structured data, and APIs to retrieve that data by other applications.

“Our conversations with the entities we notified suggested the same conclusion: multiple governmental bodies reported performing security reviews of their apps without identifying this issue, presumably because it has never been adequately publicized as a data security concern before,” they added.

There is, however, no evidence that the data has been exploited.

On May 24, an UpGuard analyst first discovered that the OData API for a Power Apps portal had anonymously accessible list data, including personally identifiable information.

The owner of that application was notified, and the data was secured.

“That case led to the question of whether there were other portals with the same situation — the combination of configurations allowing lists to be accessed anonymously via OData feed APIs, and sensitive data collected and stored by the apps,” the team noted.

As reported by Wired, Microsoft has now changed the default permissions settings responsible for the exposure.
