What was exposed in Microsoft's 2021 data breach?

Written By Lauren Marquez

38 million people were leaked on the open internet due to a flaw in more than a thousand Microsoft web apps, according to The U.S. Sun


The summary:

  • Organizations

    • American Airlines

    • Ford

    • J.B Hunt

    • Maryland Department of Health

    • The New York City Municipal Transportation Authority

    • New York City public schools

  • Other

    • Covid-19 tracing platforms

    • Vaccination sign-ups

    • Job application portals

    • Employee databases

  • Personal information revealed

    • Phone numbers

    • Home addresses

    • Social security numbers

    • Covid-19 vaccination status

All of this information exposed due to it’s placement into Microsoft’s Power Apps portal service. Used to create websites and databases for internal usage. In May investigation around this issue began, and was found to be caused by an error in the application, a report published on the matter revealed when an API was enabled to interact with the data it was made public. The company however, announced early in August that it was set to change the default to store API data and other information privately.


The Solution:

Tech companies need to take action, if tech companies do not offer secure and private default settings to ensure leaks similar to this do not progress in the future they need to secure all of their databases seriously.



Lauren Marquez
Previous

What you need to know about Microsoft's Vulnerabilities from recent Ransomware Criminals
Next

New Hacking threat Alert: SideWalk