Thousands of apps and portals that use Microsoft’s Power Apps platform mistakenly leaked about 38 million confidential records and left them exposed for months on the open internet, a new report says.
The leaked data included job applicants' social security numbers, employee IDs, millions of names and email addresses as well as personal information used for Covid-19 contact tracing and vaccination appointments, UpGuard said in Monday's report.
Power Apps is a suite of apps, services and connectors as well as a data platform that provides a development environment for building custom applications for businesses.
“This research presents an example of a larger theme, which is how to manage third-party risks [and exposures] posed by platforms that don't slot neatly into vulnerability disclosure programmes as we know them today,” UpGuard said.
The company said it has notified 47 affected entities so far. These include government institutions in Indiana, Maryland and New York City as well as private companies like American Airlines, JB Hunt and Microsoft.
Founded in 2012, UpGuard helps businesses manage cybersecurity risk.
Using Power Apps, customers can quickly build customised business apps that connect to their data stored either in the underlying data platform or in various online and on-premises data sources such as SharePoint, Microsoft 365 and Dynamics 365.
Microsoft did not immediately respond to The National's request for comment.
The main Power Apps marketing page lists the ability to access “your data either anonymously or through commercial authentication” as one of the top features.
“Our conversations with the entities we notified suggested the same conclusion … multiple government bodies reported performing security reviews of their apps without identifying this issue, presumably because it has never been adequately publicised as a data security concern before,” UpGuard said in its findings.
The report said that in cases like compromised registration pages for Covid-19 vaccinations, there are data types that should be public (like the locations of vaccination sites and available appointment times) as well as sensitive data that should be private, like the personal information of the people being vaccinated.
The increase in cyber threats has led to a surge in global spending on cyber security, which is forecast to rise about 125 per cent to $363.05 billion by 2025 from 2019, research consultancy Mordor Intelligence said.
In March, cyber espionage group Hafnium reportedly exploited Microsoft's widely used Exchange email and calendar server, breaching more than 30,000 commercial and local government entities in the US.