Threat Update
Recent reports indicate that a Microsoft Power Apps misconfiguration may lead to public exposure of extremely sensitive data. SKOUT recommends reviewing the configuration of your Microsoft Power Apps and running the Portal Checker diagnostic provided by Microsoft. We also recommend being on the lookout for phishing attempts, as threat actors may use the exposed information to target those who were affected by this exposure.
Technical Detail & Additional Information
WHAT IS THE THREAT?
A misconfiguration in Microsoft Power Apps may lead to a leak of your organization’s private information. According to UpGuard Research, around 38 million sensitive data records were leaked, with a total of 47 businesses affected. These records include social security numbers, COVID-19 vaccination status, and email addresses. Threat actors may use the OData API for Power Apps portals to take advantage of this misconfiguration.
WHY IS IT NOTEWORTHY?
This is noteworthy because of the highly sensitive information exposed and the organizations affected. Data was leaked from American Airlines, Ford, the Indiana Department of Health, New York City public schools, and the Maryland government. Since this is a Microsoft Power Apps misconfiguration, it is also an important reminder that simple misconfigurations can lead to disastrous data leaks or breaches.
WHAT IS THE EXPOSURE OR RISK?
38 million records have been exposed across a number of different companies. Threat actors may use these records to perform targeted phishing attacks. Current users of Microsoft Power Apps may also fall victim to this misconfiguration, so it is important to review your current configuration to ensure no sensitive data is public.
WHAT ARE THE RECOMMENDATIONS?
SKOUT recommends reviewing your current Power Apps configurations to ensure important data is not public. We also recommend the following:
- Run the Microsoft Portal Checker diagnostics and review the results in accordance with the Microsoft article here: https://docs.microsoft.com/en-us/powerapps/maker/portals/admin/portal-checker-analysis
- Be alert for phishing attacks targeting you if you were affected by this exposure.
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://www.engadget.com/microsoft-power-apps-data-exposed-report-covid-19-api-configuration-165453736.html
- https://docs.microsoft.com/en-us/powerapps/maker/portals/admin/portal-checker-analysis
- https://www.zdnet.com/article/microsoft-power-apps-misconfiguration-exposes-38-million-data-records/
- https://threatpost.com/microsoft-38-million-sensitive-records-power-app/168885/
If you have any questions, please contact our Security Operations Center.