Vulnerabilities in Microsoft Power Apps and a data breach

September 3, 2021

Once again, we introduce you to the case of a data breach. This time, the Microsoft Power Apps platform was the one affected.

Remember that this software tool helps to create custom apps in the cloud.

Alarming facts

  1. "This would be 38 million leaked customer/user records." - Cybersecurity News
  2. "Among the affected companies other than Microsoft is American Airlines." - Cybersecurity News

What are the relevant details of this case?

The cause: a weak cybersecurity configuration.

The organizations affected are those that work for reserving appointments for vaccination against COVID-19, companies based in Europe, Latin America, Oceania, East Asia, and South Asia.

Filtered data:

  1. Social security numbers
  2. Telephones
  3. Names
  4. Email addresses

The data stored in the Table Mode of the program is perfectly protected. However, it was not the same for those in List Mode who had a security deficiency due to a default setting, so unauthorized users can access them without a problem.

Microsoft became aware of the situation after being informed and implemented measures to correct these flaws.

After all the above, do not expect your app platforms to present security deficiencies and correct errors in time with reliable and highly qualified teams like the Theta432 team and through high-level and customizable services. Ask for more information at


  • Sánchez, C. (August 27th, 2021). Microsoft Power Apps expone millones de registros de usuarios. Retrieved from:

Authored by
Jorge Daniel Tejeda