Thousands of apps and portals that use Microsoft’s Power Apps platform mistakenly leaked about 38 million confidential records and left them exposed for months on the open internet, a new report says.
The leaked data included job applicants' social security numbers, employee IDs, millions of names and email addresses as well as personal information used for Covid-19 contact tracing and vaccination appointments, UpGuard said in Monday's report.
Power Apps is a suite of apps, services and connectors as well as a data platform that provides a development environment for building custom applications for businesses.
“This research presents an example of a larger theme, which is how to manage third-party risks [and exposures] posed by platforms that don't slot neatly into vulnerability disclosure programmes as we know them today,” UpGuard said.
The company said it has notified 47 affected entities so far. These include government institutions in Indiana, Maryland and New York City as well as private companies like American Airlines, JB Hunt and Microsoft.
Founded in 2012, UpGuard helps businesses manage cybersecurity risk.
Using Power Apps, customers can quickly build customised business apps that connect to their data stored either in the underlying data platform or in various online and on-premises data sources such as SharePoint, Microsoft 365 and Dynamics 365.
Microsoft did not immediately respond to The National's request for comment.
The main Power Apps marketing page lists the ability to access “your data either anonymously or through commercial authentication” as one of the top features.
“Our conversations with the entities we notified suggested the same conclusion … multiple government bodies reported performing security reviews of their apps without identifying this issue, presumably because it has never been adequately publicised as a data security concern before,” UpGuard said in its findings.
It revealed that in cases like compromised registration pages for Covid-19 vaccinations, there are data types that should be public (like the locations of vaccination sites and available appointment times) as well as sensitive data that should be private, like the personal information of the people being vaccinated.
The increase in cyber threats has led to a surge in global spending on cyber security, which is forecast to rise about 125 per cent to $363.05 billion by 2025 from 2019, research consultancy Mordor Intelligence said.
In March, cyber espionage group Hafnium reportedly exploited Microsoft's widely used Exchange email and calendar server, breaching more than 30,000 commercial and local government entities in the US.