Sensitive data, including COVID-19 vaccination statuses, Social Security numbers and email addresses, has been exposed because of weak default configurations in Microsoft Power Apps, according to UpGuard. UpGuard Research disclosed multiple data leaks exposing 38 million data records via Microsoft Power Apps portals configured to allow public access. The data leaks impacted American Airlines, Microsoft, J.B. Hunt and the governments of Indiana, Maryland and New York City. UpGuard first discovered the issue, which involves the OData API for a Power Apps portal, on May 24 and submitted a vulnerability report to Microsoft on June 24.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.