You might think large companies would have learned about the consequences of not locking down users’ personal information by now, after hundreds of huge – and well-publicised – breaches over the past few years.
But Microsoft is the latest to be implicated in an enormous potential data breach – with an incredible 38 million users’ personal details placed at risk.
The problem lies with Microsoft’s Power Apps, a tool for businesses to easily create their own apps in the cloud. It’s been used by companies such as PayPal, Metro Bank, Toyota, Heathrow Airport as well as many healthcare and educational organisations around the world.
However, cybersecurity experts revealed this week that over 1,000 apps created using the tool had accidentally exposed records containing sensitive personal data. These include Covid tracing information, names, phone numbers, email addresses and even social security numbers (widely used in the US to prove your identity).
Researchers warned 47 organisations, including Ford, American Airlines, the New York subway and the entire state of Indiana, US, that they had been exposed. Even Microsoft itself had made non-secure apps using its own technology.
The breaches stemmed from badly set-up apps which had accidentally set personal records to be publicly viewable. If a particular toggle in the app was not switched correctly, even anonymous users could freely access whatever data they wanted. Some of the information could even be found through a simple Google search.
But it warned something like this could happen again: “As more information is moved online, the frequency of sensitive data being made publicly available increases… Platform operators [should] take ownership of misconfiguration issues sooner, rather than leave third-party researchers to identify and notify all instances of such misconfigurations.”