Researchers at cybersecurity company UpGuard have discovered a flaw in the Microsoft Power App application suite that left about 38 million user records exposed and vulnerable. The weakness in the infrastructure made it easy to target more than 1,000 web applications holding sensitive data, including data related to Covid-19 vaccines and other personal information.
Microsoft: Power App has a flaw in the system
Many companies use Microsoft’s Power App platform. For those that rely on it heavily this is not good news: sensitive data in 38 million records was left on public display for months because of default security settings that do not provide adequate protection against cyber attacks.
Research conducted by UpGuard has indeed shown that an incredibly high number of Power App users do not actively protect their databases. Further investigation revealed that this problem was created precisely by the default security settings, which leave the data completely exposed, unless a manual adjustment is made.
According to a report by Wired, the exposed data comes from sources such as American Airlines, Ford, New York City public schools, and the COVID-19 contact tracing databases of multiple states. The initial UpGuard discovery was made in May 2021, but Microsoft’s corrective patch didn’t arrive until this August.
With the August update, Power Apps will have the option to keep this data private by default. UpGuard, for its part, has tried to contact all the entities whose sensitive data was exposed, but according to the researchers, the scope of the problem is too broad to reach every company.