Photo: Drew Angerer / Getty Images
Some 38 million records, including addresses, social security numbers or data related to the COVID-19 pandemic, were exposed due to a misconfiguration of Microsoft software, the cybersecurity company UpGuard revealed on Monday.
The firm detailed in a document published on its Twitter account that the problem affected 47 entities, including agencies of the Governments of Indiana and Maryland or the city of New York, as well as companies such as American Airlines, JB Hunt and Microsoft.
Those affected used Power Apps, a Microsoft development platform that allows the creation of mobile applications and web portals.
An UpGuard analyst discovered last May how misconfiguration by the end user could publicly expose private data from sites created with Power Apps, although they are not currently known to have been compromised.
Microsoft declared the case closed on June 29, according to UpGuard, which notified those affected.
UpGuard noted that Microsoft data was also exposedincluding a “contact” list with 332,000 records of people on the global payroll with their corporate email address.
They also found information from the Maryland Department of Health related to appointments for tests of COVID-19, as well as American Airlines records with full names, phone numbers, and email addresses, among others.
A Microsoft spokesperson defended the safety of their product in statements to the publication The Hill, by indicating that the firm has been working with affected clients to ensure the privacy of their data and to notify those whose information was publicly available.
The investigation concluded that the experts understood – and agreed – with Microsoft’s position that the matter was not “strictly a software vulnerability”, but rather a “platform problem that requires code changes in the product” .
With information from Efe.
Keep reading: CIA Director held secret meeting in Kabul Afghanistan with Taliban leader