Large companies might have realized the dangers of not encrypting users’ data by now after several large and highly publicized breaches in the last few years.
But Microsoft is the latest to be implicated in an enormous potential data breach – with an incredible 38 million users’ personal details placed at risk.
Microsoft Power Apps is the problem. This tool allows businesses to create cloud-based apps easily. This tool is used worldwide by many companies, including Metro Bank, Toyota and Heathrow Airport, as well as many educational, healthcare, and medical organisations.
Cybersecurity experts discovered this week that more than 1,000 apps using the tool accidentally revealed sensitive data. This includes names, addresses, and phone numbers for Covid. It is widely used in America to verify your identity span.
Researchers warned 47 organizations, including Ford and American Airlines as well as the New York Subway, New York, USA, about the vulnerability. Microsoft had created non-secure applications using its technology.
These breaches were caused by badly-set up apps that had made personal data public. Even anonymous users can access any data they want if a toggle isn’t switched in an app correctly. You could also search Google for some of this information.
But it warned something like this could happen again: “As more information is moved online, the frequency of sensitive data being made publicly available increases… Platform operators [should] take ownership of misconfiguration issues sooner, rather than leave third-party researchers to identify and notify all instances of such misconfigurations.”
Publiated at Thu 26 August 2021, 07:10:37 +0000