{"id":3541,"date":"2021-08-24T12:04:29","date_gmt":"2021-08-24T16:04:29","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3541"},"modified":"2021-08-24T12:04:29","modified_gmt":"2021-08-24T16:04:29","slug":"microsoft-power-apps-platform-exposes-millions-of-users-across-apps","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/","title":{"rendered":"Microsoft Power Apps Platform Exposes Millions of Users Across Apps"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3058\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\" alt=\"Microsoft Power Apps Platform Exposes Millions of Users Across Apps\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p style=\"text-align: justify\"><b><i>An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0<\/i><\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Microsoft Power Apps is a development platform designed to ease the creation of external applications. Exposed apps include American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. Security firm Upguard began investigating Microsoft Power Apps and several publicly facing databases that should have been private in May of this year.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The information exposed includes COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">It remains unclear whether any malicious actor found and exploited the exposed data, and the misconfiguration is now closed. Still, this alleged design flaw could have put millions at risk.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We spoke to several <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener\">cybersecurity<\/a> experts for more on the subject.\u00a0\u00a0<\/span><\/p>\n<br \/>Widget not in any sidebars<br \/>\n<h2 style=\"text-align: justify\"><b>Microsoft Power Apps Platform Exposes Millions of Users Across Apps<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>Roger Grimes<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Roger Grimes is Data-Driven Defense Evangelist at <a href=\"https:\/\/www.knowbe4.com\/\" target=\"_blank\" rel=\"noopener\">KnowBe4<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;This is probably the ten-thousandth example of the same thing&#8230;data being accidentally exposed in a cloud app because of a legacy issue&#8230;in this case, overly permissive permissions. It is the most common cloud security issue. It&#8217;s funny, when the cloud-first came out and started to catch fire, most of the cybersecurity world was incredibly concerned with all the new types of threats and vulnerabilities that cloud apps would bring with the shared, multi-tenancy, use, and heavy dependency on virtualization. And for sure, there have been some occasional cloud-specific threats and attacks. But without a doubt, the most common issues that compromise cloud apps are social engineering, unpatched software, and overly permissive permissions, which are the same things that have plagued non-cloud systems for decades. I have people ask me all the time how they can keep their clouds secure, like it&#8217;s some secret sauce. But it really isn&#8217;t. It&#8217;s really mostly by focusing on the same things that were your biggest problems in the non-cloud world. So, why we&#8217;ve all been worried about some devious fast-spreading cloud worm or some master exploitation that will let every cloud tenant get compromised at once, the real news is that cloud attacks are the same old news. And anyone not paying attention to that fact is going to re-learn it the hard way. Focus on the basics.&#8221;<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Erich Kron<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Erich Kron is Security Awareness Advocate at <a href=\"https:\/\/www.knowbe4.com\/\" target=\"_blank\" rel=\"noopener\">KnowBe4<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Unfortunately, data exposure due to misconfigured security settings in applications, or in cloud storage containers, is far from uncommon in our modern digital world. Due to the volume of, and sensitivity of, data being collected, these misconfigurations can have serious implications, especially with systems that are internet-facing.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Fortunately, it appears that in this case data loss has not occurred, however, any time data is exposed, steps should be taken to review data access logs to ensure the data was not stolen.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">It is not enough to just rely on applications to keep data safe, processes and procedures must be in place to ensure that the data remains secure and the permissions that protect the data should be audited on a regular basis. Logging of data access should be enabled, along with regular reviews of data access activity, to ensure that information is not being accessed in unexpected ways or by unauthorized people. Regular and consistent training related to cybersecurity topics of all kinds can help to develop a security-centric mindset with employees, leading to more awareness around data protection and a greater likelihood that they will spot potential security setting misconfigurations.<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Chris Clements<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Chris Clements is VP of Solutions Architecture at <a href=\"https:\/\/www.cerberussentinel.com\/\" target=\"_blank\" rel=\"noopener\">Cerberus Sentinel<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThe rush to the cloud has exposed many organizations\u2019 inexperience with the various cloud platforms and risks from their default configurations.\u00a0 Developing in a public cloud can have efficiency and scaling advantages, but it also often removes the \u201cSafety-net\u201d of development conducted inside internal networks protected by outside access by the perimeter firewall.\u00a0 It\u2019s critical that company\u2019s \u201clook before they leap\u201d with migrations or new development on cloud platforms to fully understand the potential security gotchas or risks that they might introduce.\u00a0 It\u2019s also instructive for cloud vendors to understand the risks that their chosen default settings have on customers and change them to provide higher security by default even if it reduces upfront convenience.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Nathanael Coffing<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Nathanael Coffing is CSO and co-founder of <a href=\"https:\/\/cloudentity.com\/\" target=\"_blank\" rel=\"noopener\">Cloudentity<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cIn this scenario, the application programming interfaces (APIs) on Microsoft Power Apps were lacking authentication and authorization which made data from these applications publicly available, so that anyone actively searching for a web app containing users\u2019 information could have easily accessed personal data such as COVID-19 tracing forms, vaccination sign-ups and employee databases.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While the flaws discovered in the platform have been patched, it\u2019s still evident that organizations have a long way to go in terms of proper API security. To prevent misconfigurations and similar vulnerabilities from occurring, APIs must be securely operated within Automated Identity, Authorization, Consent and governance guardrails to safeguard sensitive data. To stay ahead of cyber-criminals, this necessary level of security requires organizations to implement context-based, granular authorization for APIs, along with a Zero Trust API Authorization approach. Only then can organizations ensure all internal, customer and partner data that is stored and collected by their APIs is completely secure.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Matt Sanders<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Matt Sanders is Director of Security at <a href=\"https:\/\/logrhythm.com\/\" target=\"_blank\" rel=\"noopener\">LogRhythm<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThis situation is a prime example of just how easily accessible personal data can be if not guarded behind the proper controls. In this case, 38 million personal records were exposed to the public after misconfigured default settings in a development platform were left publicly accessible. Personally identifiable information (PII), which cannot be changed or updated like you can with a credit card number, such as Social Security numbers, home addresses and COVID-19 vaccination statuses were exposed to anyone who had access to the platform. This is a great opportunity for threat actors and cyber-criminals to easily get ahold of valuable, personal data and use it to their advantage.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In order to quickly detect and neutralize security threats such as this one, it is essential for organizations to have the proper controls in place. Detection and response capabilities, authentication and access controls, and real-time monitoring and visibility are crucial to protecting valuable customer data. Large enterprises must prioritize advanced security controls in order to keep a proper eye on the personal information that is stored in their databases.\u201d<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Casey Ellis<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Casey Ellis is CTO and Founder of <a href=\"https:\/\/www.bugcrowd.com\/\" target=\"_blank\" rel=\"noopener\">Bugcrowd<\/a>.<\/span><\/i><span style=\"font-weight: 400\">\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThis breach highlights the importance of &#8220;making secure easy, and insecure obvious&#8221;. Insecure defaults are rarely classed as vulnerabilities in and of themselves, but the combination of the speed at which businesses have deployed technology over the past two years, the absence of feedback from those who &#8220;think bad, but do good&#8221; in the ethical hacker community, and the default itself all contributed to this particular data leak.\u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The breach is a good example and timely reminder of the value of ethical hackers in both the software design phase, and for testing systems in products &#8211; especially for organizations that are dealing with sensitive information such as Covid-19 contact tracing platforms. Without the enablement of security researchers via Microsoft\u2019s vulnerability disclosure program (VDP), the weakness would likely have remained exploitable for much longer, exposing the data to malicious adversaries.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A VDP, such as the one used by Microsoft, allows ethical security researchers to proactively and securely disclose cybersecurity vulnerabilities to the organization before adversaries can discover and exploit them. This offers a layered security approach, as it is to be leveraged in addition to an organization\u2019s internal security team.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The longer a vulnerability exists undetected, the more likely adversaries are to have already accessed or obtained the data. VDPs establish an open line of communication between the community of security researchers and organizations, so researchers can proactively report such vulnerabilities and organizations can fix them &#8211; before they\u2019re exploited by bad actors.&#8221;<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Josh Rickard<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Josh Rickard is Security Solutions Architect at <a href=\"https:\/\/swimlane.com\/\" target=\"_blank\" rel=\"noopener\">Swimlane<\/a>.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThe accidental exposure of personal records puts victims at extreme risk of data theft by threat actors to use to their malicious advantage, including identity theft and leakage of other personally identifiable information (PII), furthering the risk and exposure of those already victimized. In this case, 38 million total customers of several major companies have been left with their personal information\u2014such as home addresses, phone numbers, COVID-19 vaccination statuses, and Social Security numbers\u2014exposed to the public due to a misconfiguration in a common development platform used across all companies involved. These situations prove that, even after data exposures have been addressed and redressed, platform misconfigurations can have long-standing repercussions.\u202f\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">It is essential for major organizations, like the ones involved in this data exposure, to centralize and automate their detection, response, and investigation protocol into a single platform. The power of security automation allows organizations to improve the level of protection for valuable customer data. Implementing real-time security automation through SOAR solutions allows for automated incident response and execution of security-related tasks without the chance of human error, further ensuring the privacy of organizations\u2019 valued customers and their data.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><em><span style=\"font-weight: 400\">Thanks to these experts for their time and expertise. For more on similar cybersecurity topics, check out the <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener\">SIEM Buyer\u2019s Guide<\/a> or the <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/soar-buyers-guide-security-orchestration-automation-and-response\/\" target=\"_blank\" rel=\"noopener\">SOAR Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/em><\/p>\n<br \/>Widget not in any sidebars<br \/>\n","protected":false},"excerpt":{"rendered":"<p>An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0 Microsoft Power Apps is a development platform designed to ease the creation of external applications. Exposed apps include American Airlines, Ford, J.B. Hunt, the Maryland Department of Health, the New York City Municipal [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":3058,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,1621,1285,1638,95,1639,112,86,1289,36,1637,1640,57,22,1197],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft Power Apps Platform Exposes Millions of Users Across Apps<\/title>\n<meta name=\"description\" content=\"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Power Apps Platform Exposes Millions of Users Across Apps\" \/>\n<meta property=\"og:description\" content=\"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-24T16:04:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/\",\"name\":\"Microsoft Power Apps Platform Exposes Millions of Users Across Apps\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"datePublished\":\"2021-08-24T16:04:29+00:00\",\"dateModified\":\"2021-08-24T16:04:29+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Panther Labs Releases State of SIEM 2021 Report\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Power Apps Platform Exposes Millions of Users Across Apps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Power Apps Platform Exposes Millions of Users Across Apps","description":"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Power Apps Platform Exposes Millions of Users Across Apps","og_description":"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2021-08-24T16:04:29+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/","name":"Microsoft Power Apps Platform Exposes Millions of Users Across Apps","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","datePublished":"2021-08-24T16:04:29+00:00","dateModified":"2021-08-24T16:04:29+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"An apparent misconfiguration of the Microsoft Power Apps platform resulted in the exposure of 38 million users across thousands of web apps.\u00a0","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","width":800,"height":400,"caption":"Panther Labs Releases State of SIEM 2021 Report"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/microsoft-power-apps-platform-exposes-millions-of-users-across-apps\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Microsoft Power Apps Platform Exposes Millions of Users Across Apps"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3541"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3541"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3541\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/3058"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}