Misconfigured Microsoft Power Pages Expose Millions of Sensitive Records

by Justin Erickson

Misconfigurations in Microsoft Power Pages, a low-code web development platform, have led to the exposure of millions of sensitive records. Security firm AppOmni identified the issue, revealing weak default settings or improper configurations. This left data such as personal information, financial records, and business operations details accessible to unauthorized parties. This problem is not native to Power Pages, it is an industry wide issue majorly because of misconfigurations by the user. Organizations using low-code website building platforms should audit their configurations and settings, implement Principle of Least Privilege (PoLP) controls, and follow other security best practices to stay secure.