Tens of millions of Microsoft customers’ private information at risk from major privacy flaws
You might think that after hundreds of large – and well-publicized – security breaches over the past few years, large organizations would have already learned the consequences of not locking down users’ personal information.
But Microsoft is the latest to be embroiled in a massive potential data breach – with a staggering 38 million records of users’ personal information at risk.
The problem lies with Microsoft’s Power Apps, a tool for companies to easily create their own apps in the cloud. It is used by companies such as PayPal, Metro Bank, Toyota, Heathrow Airport, and many health and education organizations around the world.
However, cybersecurity experts announced this week that over 1,000 apps created using the tool had accidentally exposed records containing sensitive personal information. This includes Covid tracking information, names, phone numbers, email addresses, and even social security numbers (widely used in the US to prove your identity).
Researchers warned 47 organizations, including Ford, American Airlines, the New York Subway, and the entire state of Indiana, USA, that they had been exposed. Even Microsoft itself had created unsafe apps with its own technology.
The exposures were due to poorly configured apps that inadvertently made personal records publicly visible. If a certain setting in the app was not set correctly, even anonymous users could freely access any data. Some of the information could even be found with a simple Google search.
But it warned that something like this could happen again: “The more information is put online, the more often sensitive data is made publicly available … platform operators [should] take responsibility for misconfiguration problems sooner instead of leaving it to outside researchers to identify and notify all cases of such misconfiguration.”