According to security firm Upguard, Some 38 million records stored on a Microsoft service, including private information, were mistakenly left exposed this year. The data, including names, addresses, financial information and Covid-19 vaccination statuses, was made vulnerable. Among the 47 affected organizations were American Airlines, Ford, JB Hunt and public agencies such as the Maryland Department of Health and New York City’s public transit system. They all used a Microsoft product called Power Apps, which allows for the creation of websites and mobile apps to interact with the public.
According to UpGuard, The service’s default software configuration setting meant the data of the affected organizations was left without protection up until June 2021. Microsoft said it had let clients know when potential security risks were uncovered so that they could fix the problems themselves. The spokesperson from Microsoft said that they take security and privacy seriously, and they encourage our customers to use best practices when configuring products in ways that best meet their privacy needs.
But UpGuard said it would have been better to change the way the software works at the source, and based on how customers use it, rather than to label systemic loss of data confidentiality end user disarrangement, allowing the problem to persist.