Jump to content
  • Millions of Microsoft-stored data records mistakenly exposed

    aum

    • 431 views
    • 2 minutes
     Share


    • 431 views
    • 2 minutes

    Some 38 million records stored on a Microsoft service, including private information, were mistakenly left exposed this year, security firm UpGuard said Monday.

     

    The data, including names, addresses, financial information and Covid-19 vaccination statuses, was made vulnerable—but not compromised—before the problem was resolved, according to the digital security company's investigation.

     

    Among the 47 affected organizations were American Airlines, Ford, JB Hunt and public agencies such as the Maryland Department of Health and New York City's public transit system.

     

    They all used a Microsoft product called Power Apps, which allows for the creation of websites and mobile apps to interact with the public.

     

    The service's default software configuration setting meant the data of the affected organizations was left without protection up until June 2021, according to UpGuard.

     

    "As a result of this research project, Microsoft has since made changes to Power Apps portals," the report said.

     

    Microsoft said it had let clients know when potential security risks were uncovered so that they could fix the problems themselves.

    "We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs," a spokesperson said.

     

    But UpGuard said it would have been better to change the way the software works at the source, and based on how customers use it, rather than "to label systemic loss of data confidentiality an end user misconfiguration, allowing the problem to persist."

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...