Upguard Research has revealed that 38 million data records including COVID-19 vaccination status, Social Security numbers and email addresses were exposed in Microsoft’s latest data leak.
This was because of weak default configurations for Microsoft Power Apps, low-code tools used to design apps and create public and private websites.
According to Upguard, the problem was first discovered on May 24, when it affected the ODdata API for a Power Apps portal, and the company submitted a vulnerability report to Microsoft on June 24.
Upguard went on to explain that the event occurred after all data types were released, when some data, such as personal identification, should have been kept private, leading to a misconfiguration that caused some private data to leak.
According to Upguard’s report, the data leaks affected many well-known American companies, including American Airlines, Microsoft, governments of Indiana, Maryland, New York City, J B. Hunt and others.
For more information, read the original story in ZDNet.