The Microsoft Power Apps Portal Data Leak Revisited: Are You Safe Now?

less than 1 minute read

In late August 2021, a data leak exposed 38 million private records via Microsoft’s Power Apps portals. Discovered by UpGuard, this misconfiguration is one of the most severe low-code security incidents to date. Microsoft has since changed default settings to mitigate the issue. However, users can still manually override these settings, posing a potential risk. This article delves into the root cause, Microsoft’s mitigation steps, and offers recommendations for Power Apps users.

Direct Link

Twitter Facebook LinkedIn

Followup links for All You Need Is Guest RSAC 2024

less than 1 minute read

Assorted links for All You Need Is Guest @ RSAC 2024:

Power Platform DLP Bypass via Copy-And-Paste

6 minute read

Last August I gave a talk at BlackHat USA titled All You Need Is Guest. In it, I showed how simple guest access to EntraID could be escalated into full contr...

All You Need Is Guest

7 minute read

This is a long overdue blog version of a talk I gave at BlackHat USA 2023 titled All You Need Is Guest. Slides and video recording are available as well.

The Challenges of AI Security Begin With Defining It Permalink

less than 1 minute read

Security for AI is the Next Big Thing! Too bad no one knows what any of that really means.

Michael Bargury

The Microsoft Power Apps Portal Data Leak Revisited: Are You Safe Now?

You May Also Enjoy

Followup links for All You Need Is Guest RSAC 2024

Power Platform DLP Bypass via Copy-And-Paste

All You Need Is Guest

The Challenges of AI Security Begin With Defining It Permalink