36 million data including data of Covid-19 vaccintion has been leaked
More than 36 million records of more than a thousand web apps used by Microsoft's Power App platform have been leaked online. The researchers said the records included the Covid-19 contact tracing initiative, vaccine registration and staff databases such as home address, phone number, social security number and whether they had been vaccinated. News Engadget.
The leak involved information from a number of large companies and organizations, including American Airlines, Ford, the Indiana Department of Health, and New York City Public Schools. Most of the errors have already been fixed.
Researchers at security company UpGuard have been noticing the issue since last May. They see that the confidential data of many power apps has been published online. Anyone can see this information if they know the correct address.
The main goal of the Power Apps service is to help customers easily create web and mobile apps. It provides developers with APIs for data collection. Using this API, the data is open to everyone by default. Manual configuration is required to keep data secret.
UpGuard and Microsoft started alerting the affected companies and organizations as soon as they came to know about the issue. Data has already been privatized in the default settings of power apps. Tools have also been released so that developers can view their power apps settings.
DBTech / BMT
