A total of 38 million personal data and information, some of which originated from contact-tracing platforms for the novel coronavirus, was at risk earlier this year, due to the configuration of Microsoft software used by various companies and organizations.
Security firm UpGuard on Monday released the results of an investigation that showed millions of names, addresses, tax identification numbers and other confidential information were exposed before the issue was resolved. However, it was not violated.
Those affected include 47 American Airlines, Ford, GB Hunt and groups such as the Maryland Health Authority and New York City Public Transportation. All Microsoft Power Apps are used, which allows them to easily create websites and mobile applications that interact with the audience.
UpGuard investigators explained that as of June 2021, the software’s default configuration did not adequately protect certain data. “Thanks to our investigation, Microsoft has changed the Power Apps portals.”
“Our tools help create scalable solutions that meet a wide range of needs. We take security and privacy very seriously, and encourage our customers to configure products to best meet their privacy needs,” a Microsoft spokesperson responded.
The Group indicated that it systematically informs clients when potential leakage risks are identified, so that they can be minimized. But according to UpGuard, it’s better to change the software based on how customers use it, rather than “seeing the general lack of data privacy as a configuration error on the user’s part, perpetuating the problem and putting the public at risk”.
“The number of accounts in which sensitive information was at risk shows that the risks associated with this role have not been adequately addressed,” the security company said.
“Coffee trailblazer. Social media ninja. Unapologetic web guru. Friendly music fan. Alcohol fanatic.”