Security firm Upguard has confirmed that they discovered numerous caches of data belonging to various high-profile companies. The information was stored on Microsoft’s Power Apps portal which is a platform that allows easy creation of a site while also managing data on the backend. Although they’ve already been addressed, the exposure affected American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. Information such as vaccination status, phone numbers, home addresses, and Social Security Numbers were available to view. Through further analysis Upguard researchers realized “when enabling these APIs, the platform defaulted to making the corresponding data publicly accessible. Enabling privacy settings was a manual process. As a result, many customers misconfigured their apps by leaving the insecure default,” stated Lil Hay Newman.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in