Another day, another data breach.

This time, 38 million records from 1,000+ web apps on Microsoft’s Power Apps portals platform have been exposed online.

The leaked data includes some pretty sensitive information, including:

  • COVID-19 contact tracing records
  • Vaccine registrations
  • Phone numbers
  • Home addresses
  • Social security numbers

According to UpGuard, the organization that uncovered the vulnerability, some of the companies and organizations whose data was exposed include American Airlines, Ford, J.B. Hunt, New York City Public Schools and Municipal Transportation Authority, Maryland and Indiana Departments of Health, and others.

The report stated that the vulnerability has been resolved, and can be found on Microsoft’s Power Apps developer page.

Power Apps is a tool that allows organizations to easily make mobile and web apps, with application programming interfaces (APIs) that give developers access to the data each app collects. Per Engadget, security company UpGuard found that the API made the data public by default, and required a manual change to make it private.

In UpGuard’s report on the data leaks, it’s clear that this is part of a larger issue – one we learned with SolarWinds and Microsoft Exchange earlier this year: Organizations need to find ways to manage third-party risks.

Following a month of research on this possible vulnerability, UpGuard disclosed it to Microsoft on June 24, 2021. Microsoft’s Security Response Center replied to the initial inquiry that the behavior was considered to be “by design.” However, they reconsidered this as UpGuard began to contact some of the more severe cases – namely, American Airlines, J.B. Hunt, and several state and local governments who were heavily affected.
