Microsoft’s PowerApps solution has suffered a data leak that has left 38 million records exposed online. Included in the leak are vaccine statuses for COVID-19 and social security numbers. According to UpGuard, the company that discovered the leak, says default security on the platform leave some tools exposed.
Specifically, while default configurations in PowerApps protect tables secure, it does not protect lists. Data from 47 businesses, including Microsoft payroll information and government agency data was exposed.
Among those who have confirmed they were affected by the leak are the Maryland Department of Health and its COVID test appointments, New York City Department of Education rosters, employees lists from the New York Metropolitan Transit Authority, and contact-tracing data from the Indiana Department of Health.
UpGuard tried to inform Microsoft of the problem but the company responded by saying the “behavior is considered to be by design”. After Microsoft’s response, UpGuard disclosed the leak to affected companies.
Individual companies then took action to shore up the leak, while Microsoft helped government clients handle the issue. Furthermore, a new Microsoft tool allows users in PowerApps to detect when lists are open to anonymous access.
In a statement Microsoft says:
“We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs.”
PowerApps allows developers and businesses create applications without needing to use coding, and it is now available in public preview.
There are now over 100 integrations within PowerApps, with this update bringing tighter integration with Azure Functions.
The service is a part of Microsoft’s Power Platform alongside Flow and Power BI.
Tip of the day: The Windows 10 Clipboard history feature provides the functionality across device, space, and time, letting you copy on one computer and paste the text days later on a different PC. All of it is possible via the Windows 10 clipboard manager, which lets you view, delete, pin, and clear clipboard history at will.
In our tutorial we show you how to enable the feature, clear clipboard history, and enable/disable clipboard sync to meet your preferences. You can also create a clear clipboard shortcut for quick removal of stored content.