Microsoft Power Apps leads to 38 Million records exposed online

In recent months, over a thousand web apps have mistakenly exposed 38 million records on the open Internet.


A Microsoft Power Apps API vulnerability led to more than a thousand web apps accidentally exposing 38 million records online. Because the APIs made data publicly accessible by default, organizations had to enable their privacy settings manually. Among the companies affected are major players like American Airlines.

Microsoft’s Power Apps portal service is a development platform designed to make it easy to create web or mobile apps for external use. Despite coming from a reputable company, the misconfiguration of cloud-based databases remains a serious issue, with many incidents reported over the past few years (as reported by Wired).

Because privacy settings had to be enabled manually, customers misconfigured their apps by leaving the insecure default in place. The exposed records included data from various COVID-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases, including phone numbers, home addresses, Social Security numbers and an individual’s vaccination status.

Looking into matters for Digital Journal is Nathanael Coffing, co-founder and CSO of Cloudentity.

According to Coffing, the issue was avoidable had greater thought been given to the way the technology was set up. He notes: “In this scenario, the application programming interfaces (APIs) on Microsoft Power Apps were lacking authentication and authorization which made data from these applications publicly available, so that anyone actively searching for a web app containing users’ information could have easily accessed personal data such as COVID-19 tracing forms, vaccination sign-ups and employee databases.”

There are lessons to be learned from the incident, says Coffing, notwithstanding the efforts made to correct it.

Coffing says: “While the flaws discovered in the platform have been patched, it’s still evident that organizations have a long way to go in terms of proper API security. To prevent misconfigurations and similar vulnerabilities from occurring, APIs must be securely operated within Automated Identity, Authorization, Consent and governance guardrails to safeguard sensitive data.”

Coffing adds the further recommendation: “To stay ahead of cybercriminals, this necessary level of security requires organizations to implement context-based, granular authorization for APIs, along with a Zero Trust API Authorization approach. Only then can organizations ensure all internal, customer and partner data that is stored and collected by their APIs is completely secure.”
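The two design choices the article contrasts, an API whose tables are public unless the operator opts in to permission checks and one that denies access by default with per-caller authorization, as an added illustration. This is a constructed toy model written for this page, not Microsoft's Power Apps code or its real settings; the class names, the `table_permissions_enabled` switch and the sample table are assumptions.

```python
"""Toy model of a portal-style data API (constructed example, not Power Apps code).
DefaultOpenApi reproduces the insecure-default pattern the article describes;
DefaultDenyApi shows the secure-by-default, granular-authorization alternative."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample data standing in for a contact-tracing table.
TABLES = {
    "contact_tracing": [
        {"id": 1, "owner": "alice", "ssn": "***-**-0001"},
        {"id": 2, "owner": "bob", "ssn": "***-**-0002"},
    ],
}


@dataclass
class Caller:
    user: Optional[str]                     # None models an anonymous request
    roles: Set[str] = field(default_factory=set)


def _authorized_rows(table: str, caller: Caller) -> List[dict]:
    """Granular authorization: anonymous callers are refused, admins see every
    row, everyone else sees only the records they own."""
    if caller.user is None:
        raise PermissionError("authentication required")
    rows = TABLES[table]
    if "admin" in caller.roles:
        return list(rows)
    return [r for r in rows if r["owner"] == caller.user]


class DefaultOpenApi:
    """Weak default: unless the operator flips the hypothetical
    table_permissions_enabled switch, every table is readable by anyone."""

    def __init__(self, table_permissions_enabled: bool = False):
        self.enforce = table_permissions_enabled

    def read(self, table: str, caller: Caller) -> List[dict]:
        if not self.enforce:
            return list(TABLES[table])      # anonymous callers get all records
        return _authorized_rows(table, caller)


class DefaultDenyApi:
    """Hardened: permission checks cannot be switched off."""

    def read(self, table: str, caller: Caller) -> List[dict]:
        return _authorized_rows(table, caller)
```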

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
