Connect with us

Hi, what are you looking for?


Misconfigured Microsoft Apps Expose 38 Million Sensitive Records Including Contact Tracing

Over one thousand web apps using Microsoft Power Apps have mistakenly exposed 38 million records online, including sensitive data relating to a number of coronavirus contact tracing platforms, vaccination registrations, job application portals, and employee databases.

Wired reported that a thousand web apps have accidentally exposed 38 million records online, including data from coronavirus contact tracing platforms, vaccinations sign-ups, job portals, and employee databases. The records included a wide array of sensitive information including phone numbers, home addresses, social security numbers, and vaccination status. The exposure of sensitive data was caused by the misconfiguration of Microsoft’s Power Apps tool, which is used to manage the database for many apps and web services.

Microsoft CEO Satya Nadella

A number of major companies and organizations were affected by the leak including American Airlines, Ford, J.B. Hunt, the New York City Municipal Transportation Authority, the Maryland Department of Health, and New York City public schools.

WAYNE, MI – DECEMBER 14: Workers build a Ford Focus on the assembly line at the Ford Motor Co.’s Michigan Assembly Plant December 14, 2011 in Wayne, Michigan. Ford released details about the electrification of the Michigan Assembly Plant that will power production in part by one of the largest solar energy generator systems in order to produce their new C-MAX Hybrid and C-MAX Energi electric vehicles.


The data was all stored in Microsoft’s Power Apps portal service which is used to create web or mobile apps for eternal use. Power Apps portals can be used to create both public-facing sites and data management backends for signup systems including job application portals and even vaccine registration sites.

The security firm Upguard began investigating a number of Power Apps portals in May, as it appeared that they had publicly exposed private data. None of the exposed data appears to have been compromised, but the discovery is still major and reveals a huge oversight in the design of the Power Apps portals. Upguard found that when enabling certain APIs on Power Apps, the platform defaulted to making the corresponding data publicly accessible.

Greg Pollock, UpGuard’s vice president of cyber research, commented: “We found one of these that was misconfigured to expose data and we thought, we’ve never heard of this, is this a one-off thing or is this a systemic issue? Because of the way the Power Apps portals product works, it’s very easy to quickly do a survey. And we discovered there are tons of these exposed. It was wild.”

Advertisement. Scroll to continue reading.





You May Also Like

Joe Biden

‘The Five’ reacts to the Russian invasion of Ukraine. More economic strain…Isn’t that what Biden does…Strain the hell out of the American people? We...


Canadian truck driver Harold Jonker speaks out after nearly 200 protesters were arrested in Ottawa. GOD BLESS ALL TRUCKERS, and peaceful protesters; The government...


Scientists from Pfizer said the quiet part out loud about natural immunity. We’ll explain why. Also, Joe Biden blames Republicans for his inflation. And...


“The science” People that get vaccinated ARE SUPER SPREADERS!!; They must she’d 100% of the time since their bodies are creating the spike protein....


Florida Republican Gov. Ron DeSantis delivered a letter to the Biden administration asking the Department of Homeland Security (DHS) to protect state residents from “dangerous criminal...


Florida Gov. Ron DeSantis (R) dismissed the need for mask mandates in the Sunshine State on Wednesday, emphasizing the importance of personal liberty while...


Texas Gov. Greg Abbott (R) issued an executive order on Wednesday to maintain a ban on vaccine mandates in the Lone Star State. Abbott’s...


As major businesses, concert venues, and entertainers move to require proof of COVID-19 vaccination, rap megastar and fashion mogul Kanye West is gearing up...


New York Gov. Kathy Hochul (D) announced a universal mask requirement for all schools upon her first day in office. Hochul on Tuesday announced her decision...

Barack Obama

The island of Martha’s Vineyard experienced a spike in coronavirus cases this week after President Barack Obama’s 60th birthday party last Saturday. The Daily Mail reports that...