The bug that makes you say "No way!" exposed millions of COVID-19 records. A security flaw discovered in Microsoft’s Power Apps platform has exposed millions of records.
A vulnerability detected in Microsoft’s Power Apps platform caused a total of 38 million private records to be exposed, including COVID-19 data. According to the information shared, the problem affected dozens of large companies and institutions, including American Airlines, Ford, the Indiana State Department of Health, and New York City public schools.
Power Apps can be defined as a suite of applications, services, connectors, and data platforms that provides a rapid development environment in which customers build custom applications for their business needs. This service, which includes application programming interfaces (APIs), aims to reduce the workload of developers.
Dozens of companies using Power Apps infrastructure were affected by the bug
Experts at security company UpGuard have been tracking the problem since they identified it in May. Their research showed that private data was at risk because anyone with the relevant technical knowledge could easily access it. While investigating the issue, they discovered that, due to a bug in the Power Apps APIs, all data became public by default. Manual intervention was required to make it confidential.
UpGuard said in a statement that it sent a comprehensive report to Microsoft’s security center on June 24. It stated that it informed the company about the problematic APIs, as well as the details of the Power Apps accounts that caused the private data to be exposed. In addition, UpGuard informed some of the companies and institutions affected by the vulnerability.
Although research is under way into whether the data of the companies affected by the vulnerability has been leaked online, unfortunately there is no clear information on this subject. On the other hand, Microsoft has largely eliminated the error. Data from developers using Power Apps APIs will now be private by default. In addition, thanks to a new tool added to the service, companies will be able to check whether they are safe.