- Thread starter
- Staff
- #1
Dadparvar
Staff member
- Nov 11, 2016
- 10,735
- 0
- 6
The cyber security firm UpGuard released a report on Monday disclosing leaks of 38 million records from Microsoft’s PowerApps platform. The type of data exposed is highly personal in nature, including vaccination records, social security numbers for job applicants, COVID-19 contact tracing, and millions of email addresses and phone numbers.
UpGuard attributed the leak to a misconfiguration in Microsoft’s PowerApps platform. This platform allows users to create web and mobile applications. The data from such applications is stored within the Microsoft dataverse after the users enable OData (Open Data Protocol). The misconfigured default setting on Microsoft Portal permitted anonymous access to such data. Until the developer manually activated the “Enable Table permissions” option, the anonymous data access continued.
The leak has affected major institutions and companies, like the Indiana Department of Health, New York City public schools, American Airlines and Microsoft. Greg Pollock, UpGuard’s vice president of cyber research described the leak as “wild” and emphasized that it is the responsibility of cloud providers like Microsoft to ensure that default settings are congruent with privacy concerns. Subsequent to UpGuard research, Microsoft reiterated its commitment to data privacy and removed the anomaly by enabling table permissions by default.
The leak comes amidst concerns of misconfigurations causing data leaks. For instance, in 2017, Misconfiguration in Deep Root Analytics database exposed personal information of 198 Million US voters. While a few entities like Google cloud platform, Amazon web service have undertaken steps to ensure apt default settings, the issue has not garnered significant attention until recently.
The post Report exposes data leak of 38M records from Microsoft portal appeared first on JURIST - News - Legal News & Commentary.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.
UpGuard attributed the leak to a misconfiguration in Microsoft’s PowerApps platform. This platform allows users to create web and mobile applications. The data from such applications is stored within the Microsoft dataverse after the users enable OData (Open Data Protocol). The misconfigured default setting on Microsoft Portal permitted anonymous access to such data. Until the developer manually activated the “Enable Table permissions” option, the anonymous data access continued.
The leak has affected major institutions and companies, like the Indiana Department of Health, New York City public schools, American Airlines and Microsoft. Greg Pollock, UpGuard’s vice president of cyber research described the leak as “wild” and emphasized that it is the responsibility of cloud providers like Microsoft to ensure that default settings are congruent with privacy concerns. Subsequent to UpGuard research, Microsoft reiterated its commitment to data privacy and removed the anomaly by enabling table permissions by default.
The leak comes amidst concerns of misconfigurations causing data leaks. For instance, in 2017, Misconfiguration in Deep Root Analytics database exposed personal information of 198 Million US voters. While a few entities like Google cloud platform, Amazon web service have undertaken steps to ensure apt default settings, the issue has not garnered significant attention until recently.
The post Report exposes data leak of 38M records from Microsoft portal appeared first on JURIST - News - Legal News & Commentary.
Continue reading...
Note: We don't have any responsibilities about this news. Its been posted here by Feed Reader and we had no controls and checking on it. And because News posted here will be deleted automatically after 21 days, threads are closed so that no one spend time to post and discuss here. You can always check the source and discuss in their site.