Cybersecurity Today – 38 million Records Exposed Online

2 Mins Read

Industry NewsCybersecurity Today – 38 million Records Exposed Online

For some time, Microsoft’s Power Apps portals exposed the personal data of 38 million users. The vulnerability went unnoticed for months, exposing records ranging from COVID-19 vaccination status, social security numbers, phone numbers, home addresses, and email addresses.

The most impacted victims are those doing business with American Airlines, Ford, the Maryland Department of Health, the Indiana Department of Health, and New York City public schools.

What’s being called a ‘platform issue’ shows how one mismanaged configuration setting on Microsoft can be devastating for its users. Here’s a detailed analysis:

American Airlines

Number of records exposed What data was exposed
398,890 Full names, job titles, phone numbers, and email addresses.
470,400 Full names, job titles, phone numbers, and email addresses.

 The first test showed a total of 398,890 records exposed. Records included full names, job titles, phone numbers, and email addresses. A second test showed data exposed of 470,400 users, including their full names, job titles, phone numbers, and email addresses.

Denton County, TX

Number of records exposed What data was exposed
632,171 Vaccination types, appointment dates and times, employee IDs, full names, email addresses, phone numbers, and date of birth
400,091 Full names and vaccination types
253,844 Full names and email addresses

 A total of 632,171 records exposed which included data of individuals such as the vaccination type they got, their appointment dates and times, employee IDs, full names, email addresses, phone numbers, and date of birth.

A list named ‘contactVaccinationSet’ had 400,091 records with fields for full names and vaccination types. A list named ‘contactset’ had 253,844 records with full names and email addresses.

J.B. Hunt Transport Services

Number of records exposed What data was exposed
905,228 full names, email addresses, physical addresses, and phone numbers
250,000 social security numbers

 The transportation logistics firm made public 905,228 records that included customer full names, email addresses, physical addresses, and phone numbers. Over a quarter-million of the records also included US social security numbers.

Microsoft’s own The Global Payroll Services Portal

Number of records exposed What data was exposed
332,000 email address, full name, phone numbers

 Researchers found 332,000 records of Microsoft employees and contractors with their @microsoft.com email address, full name, phone numbers that appear to be for personal use.

Over the years, the misconfiguration of cloud-based databases has been a serious issue. By mismanaging and not fixing vulnerabilities, data breaches have become common which end up exposing sensitive information of individuals.

 

Ather Owais Ather Owais is a tech and cybersecurity enthusiast. He is a strong advocate for online privacy and security, following technological trends and their impact on today's digital era.

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.