Researchers have discovered that a data breach within Microsoft‘s Power Apps portal apps has left 38 million records exposed.
The scale of vulnerability affected more than 1,000 web apps, and covered private information that includes COVID-19 contact tracing, vaccination registrations and statuses, employee databases with details such as home addresses and phone numbers, and even social security numbers. Those affected include Ford, American Airlines, a whole range of New York City public schools, the Indiana Department of Health and more.
When research firm Upguard notified Microsoft of the vulnerabilities, the tech giant insisted that the architecture was by design. However, under pressure from its customers, Microsoft ultimately issued the following statement to Engadget: “Our products provide customers flexibility and privacy features to design scalable solutions that meet a wide variety of needs. We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs.” Since the revelation, Microsoft has also made sure that Power Apps portal apps will keep their data private by default.
Elsewhere in tech, PayPal has now expanded its cryptocurrency trading options to the United Kingdom.
