Fingers are pointing at Microsoft for a massive online breach affecting 38 million people. The leak of personal details was first reported by cybersecurity firm UpGuard.

The report concerns apps created on Power Apps, a Microsoft platform that allows companies to make their own apps and includes application programming interfaces (APIs) to leverage the data they collect.

According to the report, Microsoft inadvertently left a giant gaping hole open in its app-creation platform: collected personal information was public by default. Unless a developer went out of their way to change and enable privacy settings, anyone could access the data.

The result is millions of people unknowingly having their data exposed to the world from popular apps built by several large organizations on this Microsoft platform.

What got leaked

  • COVID-19 Vaccination statuses
  • Social Security numbers
  • Phone numbers
  • Full names
  • Email addresses

What’s alarming about this leak is that it wasn’t some sort of breach from a malicious attack that set it into motion.

If what UpGuard found about Microsoft is true, and it looks like it is, this is not an error as much as it is a complete and utter disregard for protecting people, an absence of good stewardship, and a bigger issue that shows protecting people is culturally low on their list of values. This is security 101 basics ignorance from an otherwise trusted big tech leader.

What you can do to protect yourself

First off, in this case in particular, little if anything could have been done as a user to avoid exposure. You and I have no idea what platform apps from trusted sources are built upon. Microsoft says it has addressed the security lapse and is encouraging its corporate customers to make appropriate updates.

Really, this should serve as a wake-up call to leaders in tech to put security much higher on their list of priorities.

The obvious starts glaring at me.  What accountability keeps Microsoft in line with protecting people?  It also shows that absent any form of punitive or thoughtful oversight, the safety and interest of the public is not being protected.

As it stands based on this leak, not much is being done to put you and your family at the top of anyone’s list of priorities in tech – except to harvest from you any valuable personal information to make a profit by exploiting your privacy.
