The UpGuard Research team can now disclose multiple data leaks resulting from #Microsoft Power Apps portals configured to allow public access - a new vector of #data exposure. The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses. It is a better resolution to change the product in response to observed user behaviors than to label systemic loss of data confidentiality an end user #misconfiguration, allowing the problem to persist and exposing end users to the #cyber security risk of a #databreach

https://www.upguard.com/breaches/power-apps