Millions of data records stored by Microsoft are mistakenly exposed
Some 38 million records stored on a Microsoft service, including private information, were mistakenly left exposed this year, security firm UpGuard said on Monday.
Data, including names, addresses, financial information and Covid-19 vaccination statuses, was made vulnerable – but not compromised – before the issue was resolved, according to the digital security firm’s investigation .
Among the 47 organizations involved were American Airlines, Ford, JB Hunt, and public agencies such as the Maryland Department of Health and the New York City Transit System.
They all used a Microsoft product called Power Apps, which enables the creation of websites and mobile apps to interact with the public.
The service’s default software configuration setting meant data from affected organizations was left unprotected until June 2021, according to UpGuard.
“As a result of this research project, Microsoft has since made changes to the Power Apps portals,” the report says.
Microsoft said it informed customers when potential security risks were discovered so that they could fix the issues themselves.
“We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in a way that best meets their privacy needs,” said a spokesperson.
But UpGuard said it would have been better to change the way the software works at the source, and how customers use it, rather than “labeling the systemic loss of data privacy as a problem. poor end-user configuration, allowing the problem to persist “.
Indiana Notifying 750K After Accessing COVID-19 Trace Data
© 2021 AFP
Quote: Millions of Microsoft stored data records exposed in error (2021, August 24) retrieved on August 24, 2021 from https://techxplore.com/news/2021-08-millions-microsoft-stored-mistakenly- exposed.html
This document is subject to copyright. Other than fair use for private study or research purposes, no part may be reproduced without written permission. The content is provided for information only.