less than 1 minute read

In late August 2021, a data leak exposed 38 million private records via Microsoft’s Power Apps portals. Discovered by UpGuard, this misconfiguration is one of the most severe low-code security incidents to date. Microsoft has since changed default settings to mitigate the issue. However, users can still manually override these settings, posing a potential risk. This article delves into the root cause, Microsoft’s mitigation steps, and offers recommendations for Power Apps users.