Thursday, November 21, 2024

Millions of data were accidentally detected in Microsoft programs

about 38 million personal informationSome of them come from platforms that track cases of coronavirus contacts. It was weak earlier this year due to misconfiguration in Microsoft software Used by various companies and organizations.

On Monday, cybersecurity firm UpGuard released the result of an investigation that showed this Millions of names, addresses, tax identification numbers and other confidential information have been disclosed before solving the problem. However, it was not violated.

American Airlines, Ford, GB Hunt Groups such as the Maryland Health Authority and New York City Public Transportation were among 47 participating groups.

these Subscribers to Microsoft Software and Power Apps It allows you to easily create websites and mobile applications to interact with the audience.

For example, if an organization quickly needs a vaccine appointment booking portal, this Microsoft service provides both the public interface and data management.

But until June 2021, it was The default software settings were not sufficiently protecting certain dataUpGuard researchers explain.

Thanks to our research, Microsoft changed Power Apps portalsThey say. Microsoft was quick to respond to the disclosure of these findings.

“for us The tools help design solutions at scale that meet a variety of needs. “We take security and privacy very seriously, and encourage our customers to configure products to better meet their privacy needs,” a spokesperson for the computer giant said.

The group also indicated that Systematically inform clients when potential risks are identified Leaks, so they can fix it.

But according to UpGuard, it’s better to change the software based on how customers use it rather than “viewing the broad lack of data privacy as a configuration error by the user, perpetuating the problem and putting the public at risk”.

See also  Why was the information kept confidential?

“The number of accounts in which sensitive information was weak shows that the risks associated with this feature – the potential and impact of misconfiguration – were not sufficiently taken into account,” the company added.

AMP

Latest news
Related news