Microsoft Dealing with Major Data Leak
Incorrect configurations on your infrastructure’s hardware are surprisingly easy mistakes to make, and even worse, they can have severe security ramifications if they are not discovered promptly. It can happen to anyone, as evidenced by a recent data leak. One of the most popular software developers out there, Microsoft, made a pretty nasty blunder with one particular setting that led to a huge data leak that could have exposed millions of records.
This data leak affected users of Microsoft’s Power Apps, software that many companies and organizations use to share data. Power Apps is used by big-name organizations and agencies like American Airlines, Maryland’s health department, and New York’s Metropolitan Transportation Authority. The leak was discovered by cybersecurity researchers at UpGuard. After identifying it as a potential security issue, UpGuard notified Microsoft.
Thankfully, the issue was promptly resolved, but while the data leak was active, sensitive information like names, Social Security numbers, phone numbers, dates of birth, vaccination records, demographic information, and more was left unsecured. While there is no indication that this information was accessed in any improper way, the fact remains that it was unsecured for an extended period of time and, therefore, vulnerable to attack.
The most unbelievable part of this whole issue is that Microsoft claims that the application was working as intended, which means that the default settings for the software were configured in such a way that this private or sensitive data was left unsecured. Microsoft has adjusted the default settings so that there is greater privacy, but they have yet to comment on why it was such a problem in the first place.
You can never be too careful when it comes to your business’s sensitive information, as even the solutions that you believe are properly secured could eventually create a data leak if improperly configured. A security audit might be an effective way to identify these issues, but the fact of the matter is that nobody will find a leak they are not actively looking for, which is why this particular leak occurred and went undetected for so long. People simply had no reason to look for it at first.
BlackCSI wants to help your business ensure that the tools you use are not putting your sensitive information at risk. We can monitor your network for inconsistencies and make sure your solutions are properly configured right from the implementation step.
To learn more, contact us at (717) 620-3042.