Researchers find 1,000+ web apps, from Ford, American Airlines, and others, mistakenly exposed 38M records stored on Microsoft's Power Apps service
Including Contact-Tracing Info Keumars Afifi-Sabet / IT PRO : Microsoft Power Apps misconfiguration exposes 38 million records James Vincent / The Verge : Check your permissions: default settings in Microsoft tool exposes 38 million user records online Ravie Lakshmanan / The Hacker News : 38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations Agence France-Presse : Millions Of Microsoft-stored Data Records Mistakenly Exposed Vish Gain / Silicon Republic : Microsoft Power Apps data leak exposed 38m records - UpGuard Phil Muncaster / infosecurity-magazine.com : Microsoft Power Apps Tool Exposed 38 Million Records by Default Lucas Ropek / Gizmodo : A Misused Microsoft Tool Leaked Troves of Data From 47 Organizations Lauren C. Williams / Federal Computer Week : FCW Insider: August 24, 2021 Tom Spring / Threatpost : Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs Nathaniel Mott / PCMag : UpGuard Discovers 38M Records Leaked From 1,000-Plus Misconfigured Web Apps Maggie Miller / The Hill : New research finds 38 million records exposed online earlier this year Thomas Claburn / The Register : 38 million records exposed by misconfigured Microsoft Power Apps. Redmond's advice? RTFM Dark Reading : 38M Records Exposed via Microsoft Power Apps Misconfiguration Maria Deutscher / SiliconANGLE : Misconfigured Microsoft Power Apps applications found to expose 38M records Surur / MSPoweruser : Microsoft's PowerApps exposed 38 million private records Adam Rowe / Tech.co : Microsoft Power Apps Snafu Exposes 38M Records Larry Dignan / ZDNet : Microsoft Power Apps misconfiguration exposes 38 million data records Paul Thurrott / Thurrott : Misconfigured Power Apps Portals Exposed Data for 38 Million Users Benjamin Freed / StateScoop : Microsoft platform leaked 38 million files from states, large businesses Kris Holt / Engadget : Data leak exposed 38 million records, including COVID-19 vaccination statuses Usama Jawad / Neowin : 38 million records exposed because companies used default configs in Microsoft Power Apps portals Wesley Hilliard / AppleInsider : 38 million records left exposed on public databases thanks to weak Microsoft Power App defaults Kip Kniskern / OnMSFT.com : Fixed Microsoft PowerApps flaw left 38 million records exposed Sean Endicott / Windows Central : Sensitive data exposed through Microsoft Power apps Tweets: Kevin Beaumont / @gossithedog : Wait til people look at what's in PowerBI and exposed to the internet. https://www.upguard.com/... Troy Hunt / @troyhunt : “The Cloud” has made it faster and easier than ever to publish information online. It's also faster and easier than ever to *unintentionally* publish information online! https://www.wired.com/... @privacyspeak : Web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. https://www.wired.com/... #DataBreach #privacy Fullmetal Anarchist / @vulgarcontend3r : Another day, another data breach. Think twice about who has access to your sensitive data. https://www.engadget.com/... Brian / @arekfurt : “Secure default settings matter.” https://www.wired.com/... https://twitter.com/... Michael Bargury / @mbrg0 : Low Code misconfiguration results in 38M records exposed across multiple customers. Organizations must build their Low Code apps with the same level of security standards as other apps to align with the shared responsibility model https://www.howtogeek.com/... Lance Ulanoff / @lanceulanoff : Always. Make. Privacy. The. Default. “Enabling privacy settings was a manual process.” https://www.wired.com/... Benjamin Freed / @brfreed : Cyber firm @UpGuard is out this morning with new research that large organizations — including states and major corporations — using a Microsoft app-development tool exposed 38 million sensitive records because of how its default settings are configured. https://statescoop.com/... @upguard : NEWS: Microsoft platform leaked 38M records, including contact tracing info, from 47 entities including states and large businesses. https://www.upguard.com/... Kenn White / @kennwhite : I shared a few thoughts on issues with Microsoft's popular Power Apps portal cloud service and the problem with complex, insecure defaults. To their credit, just before publication MSFT released a patch that defaults API data tables to non-world-readable. https://www.wired.com/...