Sensitive data including vaccination status for COVID-19, αριθμούς κοινωνικής ασφάλισης και διευθύνσεις ηλεκτρονικού post officey were exposed online due to weak default settings of Microsoft Power Apps, according to Upguard.
Upguard Research he revealed too many data leaks exposing 38 million files through Microsoft Power Apps portals configured to allow public access.
Data breaches affect American companies Airlines, Microsoft, JB Hunt and the governments of Indiana, Maryland and New York.
UpGuard Research first discovered the ODdata API problem on a Power Apps portal on May 24 and submitted a vulnerability report to Microsoft on June 24.
According to Upguard, the primary problem is that all types of data were public while some data, such as private data identification, should be private. The misconfiguration resulted in some very private data being exposed.
Microsoft Power Apps are tools for designing applications and creating public and private websites.