Sensitive data including COVID-19 vaccinated situations, social security numbers and e-mail addresses were exposed online due to weak default settings of Microsoft Power Apps, according to Upguard.
Upguard Research he revealed too many data leaks which expose 38 million records through Microsoft Power Apps portals configured to enable access of the public.
Data leaks affect American Airlines, Microsoft, JB Hunt and the governments of Indiana, Maryland and New York.
UpGuard Research first discovered the ODdata API problem on a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft on June 24.
According to Upguard, the primary problem is that all data types were public while some data, such as personal identification, would have to be private. Incorrect configuration has resulted in some very private data being displayed.
Microsoft Power Apps are tools for designing applications and creating public and private websites.
