Microsoft Power Apps Breach Exposes 38 Million Users
Due to Microsoft’s Power Apps breach, 38 million users’ data was exposed online recently. The exposed data consists of phone and social security numbers, home addresses, and even COVID vaccination details.
Companies affected by this breach include New York City Municipal Transportation Authority, American Airlines, Ford, Maryland Department of Health, and New York City public schools.
At this time, it is unknown how the breach occurred or who is responsible. Shockingly, the breaches were found by UpGuard, a cybersecurity firm, in May. However, these findings were not public until this past Monday. According to UpGuard, none of the personal information exposed has been used fraudulently.
Wired reported that the exposed data was stored on Microsoft’s Power Apps. This service is a development platform that allows for the easy creation of mobile or web apps. With it, a data management backend and public-facing sites can be generated without any hassle.
UpGuard’s Vice President of Cyber Research, Greg Pollock, stated that since it is easy to survey Power Apps, the cybersecurity firm was able to find out about the breach.
What is alarming about this breach is that it highlights how a deficient user interface could lead to a software vulnerability, resulting in a breach that exposes the data of 38 million users. According to UpGuard, Microsoft’s position on the breach is to blame users for not configuring their app permissions. But then again, Microsoft could be criticized for putting the entire blame on its users, since Power Apps is designed to assist individuals with little to no coding experience.
To prevent further criticism, Microsoft announced that Power Apps portals would store API data and any other information privately. Now, exposed portals, and even sensitive ones, are stored privately.