PowerApps is a low-code solution platform launched by Microsoft. Enterprises can quickly build and deploy applications by simply dragging and dropping templates.
However, a misconfiguration of the platform exposed up to 38 million user records to the Internet, including social security numbers and whether users had been vaccinated.
The security company said that the default configuration of the platform uses tabular data instead of list data to enhance security. Even some Microsoft employee salary data was leaked.
Currently, the platform is mainly used by governments, medical institutions, educational institutions, and enterprises throughout the United States. A data breach of this scale shows that security was clearly not good enough.
Although the platform is owned by Microsoft, operating it is mainly the responsibility of each organization. After its inspection, Microsoft concluded that this was a deliberate use of an unsafe configuration.
This insecure configuration allows anonymous users to access the platform directly and retrieve all data: anyone who obtains the address can access it without an account and password.
Microsoft has blocked the relevant security weaknesses and notified government and corporate customers through server-side updates. It has also released tools to help government and corporate customers detect and update data.
In addition, Microsoft recommends that security companies report the problem directly to affected government and corporate customers.
The company said in its statement that Microsoft attaches great importance to security and privacy, and encourages customers to configure product services on its platform in a way that meets the best privacy requirements.