Some 38 million records stored on a Microsoft service, including private information, were mistakenly left exposed this year, security firm UpGuard said Monday.

The data, including names, addresses, financial information and Covid-19 vaccination statuses, was made vulnerable -- but not compromised -- before the problem was resolved, according to the digital security company's investigation.

Among the 47 affected organizations were American Airlines, Ford, JB Hunt and public agencies such as the Maryland Department of Health and New York City's public transit system.

They all used a Microsoft product called Power Apps, which allows for the creation of websites and mobile apps to interact with the public.

The service's default software configuration setting meant the data of the affected organisations was left without protection up until June 2021, according to UpGuard.

"As a result of this research project, Microsoft has since made changes to Power Apps portals," the report said.

Microsoft said it had let clients know when potential security risks were uncovered so that they could fix the problems themselves.

"We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs," a spokesperson said.

But UpGuard said it would have been better to change the way the software works at the source, and based on how customers use it, rather than "to label systemic loss of data confidentiality an end user misconfiguration, allowing the problem to persist."

juj/vgr/caw/dva/oho

MICROSOFT

American Airlines

Related Links
Satellite-based Internet technologies

Tweet

Thanks for being there; We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain. With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords. Our news coverage takes time and effort to publish 365 days a year. If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Monthly Supporter $5+ Billed Monthly Option 1 : $5.00 USD - monthly Option 2 : $10.00 USD - monthly Option 3 : $15.00 USD - monthly Option 4 : $20.00 USD - monthly Option 5 : $25.00 USD - monthly Option 6 : $50.00 USD - monthly Option 7 : $100.00 USD - monthly paypal only		SpaceDaily Contributor $5 Billed Once credit card or paypal

China passes tough new online privacy law
Beijing (AFP) Aug 20, 2021
China passed a sweeping privacy law aimed at preventing businesses from collecting sensitive personal data Friday, as the country faces an uptick in internet scams and Beijing targets tech giants hoovering up personal data. Under the new rules passed by China's top legislative body, state and private entities handling personal information will be required to reduce data collection and obtain user consent. The Chinese state security apparatus will maintain access to swathes of personal data, howe ... read more