Friday, April 19, 2024

Millions of records exposed on Microsoft service

Some 38 million records stored on a Microsoft service, including private information, were mistakenly left exposed this year, security firm UpGuard said Monday. The data, including names, addresses, financial information and Covid-19 vaccination statuses, was made vulnerable – but not compromised – before the problem was resolved, according to the digital security company’s investigation. Among the 47 affected organizations were American Airlines, Ford, JB Hunt and public agencies such as the Maryland Department of Health and New York City’s public transit system, reports Tech Xplore. They all used a Microsoft product called Power Apps, which allows for the creation of websites and mobile apps to interact with the public. The service’s default software configuration setting meant the data of the affected organizations was left without protection until June 2021, according to UpGuard. “As a result of this research project, Microsoft has since made changes to Power Apps portals,” the report said. Microsoft said it had let clients know when potential security risks were uncovered so that they could fix the problems themselves. UpGuard said it would have been better to change the way the software works at the source, and based on how customers use it, rather than “to label systemic loss of data confidentiality an end-user misconfiguration, allowing the problem to persist.”

BIG Media
BIG Media
Our focus is on facts, accurate data, and logical interpretation. Our only agenda is the truth.

BIG Wrap

Police make arrests in ‘largest gold theft in Canadian history’

(Al Jazeera Media Network) Police in Canada have arrested multiple people accused of stealing thousands of gold bars worth more than $20 million CDN...

After stalling for months, Ukraine aid vote heads to House of Representatives

(BBC News) US President Joe Biden has said he "strongly supports" a new $61-billion aid bill for Ukraine, arguing it will "send a message...