Sensitive data including COVID-19 vaccinated statuses, social security numbers and email addresses were exposed online due to weak Microsoft Power Apps default settings, according to Upguard.
Upguard Research he revealed too many data leaks exposing 38 million files through Microsoft Power Apps portals configured to allow access of the public.
Data leaks affect Companies American Airlines, Microsoft, JB Hunt and the governments of Indiana, Maryland and New York.
UpGuard Research first discovered the problem that affected the ODdata API in a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft on June 24.
According to Upguard, the primary problem is that all types of data were public while some data, such as private data identification, should be private. The misconfiguration resulted in some very private data being exposed.
Microsoft Power Apps are tools for designing applications and creating public and private websites.
