Microsoft has announced that a leak of data from its Power Apps portals has exposed the personal details of 38 million users, including names, email addresses, Social Security information, phone numbers, and even Covid vaccination statuses. The software is used by organizations from school systems to corporations like Ford and American Airlines.
For their part, Microsoft maintains that the issue isn’t a vulnerability, but rather an issue with the configuration in how the OData API handles public and private data.