By Design: How Default Permissions on Microsoft Power Apps Exposed Millions

siteadmin May 8, 2023

The Microsoft Power Apps portal was found to be exposing sensitive personal data collected during the COVID-19 epidemic due to misconfigurations. The exposed data included job applicant social security numbers and employee IDs, COVID-19 contact tracing and vaccination data, and millions of names and email addresses. The data leaks were discovered by the UpGuard Research Team, which notified 47 public and private institutions, including governmental bodies in Indiana, Maryland, New York City, Microsoft, American Airlines, and J.B. Hunt. The total number of leaked records across all portals amounted to 38 million.