Sensitive data, including COVID-19 vaccination statuses, social security numbers and email addresses, was exposed online due to weak Microsoft Power Apps default settings, according to UpGuard.
UpGuard Research revealed numerous data leaks exposing 38 million files through Microsoft Power Apps portals configured to allow public access.
The data leaks affected American Airlines, Microsoft, JB Hunt and the governments of Indiana, Maryland and New York.
UpGuard Research first discovered the OData API problem on a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft on June 24.
According to UpGuard, the primary problem is that all data types were public, while some data, such as personal identification, should have been private. The incorrect configuration resulted in some very private data being displayed.
Microsoft Power Apps is a set of tools for designing applications and creating public and private websites.