The UPGUARD security company has blamed the default permit setting in the application builder tool from Microsoft, called Power Apps, to expose 38 million users of users online.
According to UPGUARD, the user record is stored on Microsoft services, including personal information, mistakenly left open.
The power application tool allows companies to manufacture websites and cellular applications to interact with the public.
According to UPGUARD, the default software configuration settings this service means that the organizational data affected is left without protection until recently repaired.
This data includes names, addresses, financial information, and Covid-19 vaccination status.
However, fortunately while the data exposed there were no signs of compromise anything before the leak was resolved.
Who organizations affected by 47 US government organizations and entities are said to have been influenced by this data violation.
These names include American Airlines, Ford, JB Hunt and public agents such as the Ministry of Health Maryland and the New York City public transit system.
How Exposed of Vice President Cyber ​​Research Greg Pollock told Wired, who first reported data exposure, that in researchers from the company began investigating a large number of power application portals described publicly, including in some power applications made by Microsoft for its own needs , In May this year.
“We found one of these wrong configurations to expose data and we thought, we have never heard of this, is this a problem once or is this a systemic problem?” He says.
“Because the way the Portal Power Apps Portal functions, it’s very easy to do a survey quickly.
And we find there are many of these open ones.
It’s wild,” he added.
They then revealed the findings to Microsoft.
How Microsoft completes the Thismicrosoft business says that it tells the customer when the potential risk of security is open to enable them to correct problems.
“We consider serious security and privacy, and we encourage our customers to use best practices when configuring the best products.
Privacy needs,” said a spokesman.
The company announces that the power application portal will now default to store fire data and other information personally.
It has also released a tool that allows customers to check their portal settings.
On his side, Microsoft MANAINS is not a vulnerability because the application is configured according to user permission.