A bug in the Microsoft software causes the data of millions of users to be exposed

Millions of personal data available online due to software glitch from Microsoft

Information security specialist Abgard revealed Monday in a report that some 38 million personal data and information, some of which belong to platforms tracking cases of people infected with CORONAvirus, were at risk earlier this year due to a flaw in the formation of Microsoft software used by various companies and institutions.

 

Abgard released its report after a few months of investigation that showed that millions of names, addresses, tax ID numbers and other confidential information became exposed - but not compromised - before the problem was resolved.
Among the 47 stakeholders involved are American Airlines, Ford, JB Hunt, the Maryland Health Authority and the New York City Department of Public Transportation.
 
What these agencies combine is Microsoft's Power Apps software, which facilitates the creation of websites and mobile applications to interact with the public.
 
For example, if an organization needs to quickly develop a vaccine appointment portal, Microsoft software provides this public interface and data management.
 
But until June 2021, automatic software configuration did not adequately provide protection for certain data, abgard researchers said, adding that Thanks to their research, Microsoft had "initiated modifications to power ups portals."
 
"Our tools help design solutions on a large scale that meet a variety of needs," said a spokesman for the technology giant, adding, "We take security and privacy very seriously, and encourage our customers to create products in a way that best meets their privacy needs."
The Group confirmed that it was informing its customers when potential leakage risks were detected, so that they could address them.
 
However, Upgard argued that it would be better to change the software based on how it was used by customers rather than "view the widespread lack of data privacy as a user configuration error, which perpetuates the problem and puts the public at risk."
 
"The number of accounts in which sensitive information was exposed shows that the risks associated with this property have not been adequately taken into account," she said.