Microsoft Exposed Personal Info For 38 Million People: What You Should Do

A popular Microsoft tool used by some of the world’s largest companies was found exposing personal information for over 38 million people — including their names, social security numbers, and more. That’s a sentence that should stop most people in their tracks, but considering how many data breaches/vulnerabilities pop up every single day, it’s started to become a normal part of life. Phone numbers are exposed, personal email addresses get leaked, and there’s seemingly no way to stop any of this completely.

In 2021 alone, there have been numerous such incidents. T-Mobile recently found itself in the news for exposing the personal info of 47 million users because of a data breach. Facebook was also in hot water this past April when it revealed that data for more than 533 million individuals had leaked online. Strong passwords and two-factor authentication are great ways to keep online info secure, but when major corporations screw up and mishandle all of the data they’re sitting on, there’s not much that can be done.

The latest company to be guilty of this is Microsoft — specifically, Microsoft’s Power Apps tool. Power Apps allows businesses to quickly create web and mobile apps with minimal effort involved. It’s not as robust as creating an application from scratch, but it’s extremely useful if a company needs to whip up something as quickly as possible. Unfortunately, as discovered by security firm UpGuard and reported on by Wired, not changing the default permissions for the Power Apps tool exposed highly sensitive personal info for millions upon millions of people.

There’s No Evidence Of The Data Being Compromised

UpGuard says it discovered 47 companies exposing personal info through Power Apps applications, including American Airlines, J.B. Hunt, the Maryland Department of Health, and even Microsoft itself. Types of data being exposed included names, email addresses, employee IDs, social security numbers, COVID-19 contact tracing data, and more. As UpGuard’s Greg Pollock explains, “We found one of these [apps] that was misconfigured to expose data and we thought, we’ve never heard of this, is this a one-off thing or is this a systemic issue? Because of the way the Power Apps portals product works, it’s very easy to quickly do a survey. And we discovered there are tons of these exposed. It was wild.”

Thankfully, there is a silver lining to all of this. While Power Apps was inadvertently exposing all of this personal data, UpGuard confirms there’s no evidence of any of it being compromised or leaked. Microsoft has also since fixed the issue, meaning there’s no longer a chance for that data to get into the wrong hands. That’s undoubtedly good news, but it’s also hard not to think about how much worse this whole situation could have been. This is one of those security scares that has a happy ending. As we see far too often, however, that’s not always the case. Regardless of how this latest incident turned out, it’s another reminder to use secure and original passwords, to turn on 2FA when available, and to only hand over personal info to sites that are trusted.