Hillicon Valley: Millions exposed due to Microsoft misconfiguration

Hillicon Valley: Millions exposed due to Microsoft misconfiguration
© Getty Images

Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter by clicking HERE.

Happy Monday! Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage. 

Cybersecurity group UpGuard started out the week on a bang by revealing its findings that 38 million records were exposed online earlier this year due to a misconfiguration in a Microsoft application, including COVID-contact tracing information. 


And about a week after tech companies announced plans to tackle Taliban content — with proposals to ban it to varying degrees — a U.N.-backed group came out with an update to its terrorist organization list to include the militant organization. The group now recommends platforms remove and ban content by Taliban after it regained control of Afghanistan. 

EXPOSED: Thirty-eight million records from dozens of organizations, including COVID-19 contact tracing information, were exposed online earlier this year due to a misconfiguration in a Microsoft product, according to research published Monday.

Cybersecurity group UpGuard’s research team detailed in a report that it had notified 47 groups that their data had been exposed. These were government organizations including the Maryland Department of Health, New York City Schools, New York City Municipal Transportation Authority and the government of the state of Indiana. 

Data from private companies was also exposed, including from various other Microsoft groups, Ford, American Airlines and J.B. Hunt. Data exposed included COVID-19 contact tracing, vaccination appointments, Social Security numbers, employee IDs and other personal information on millions of individuals. 

The exposed data, first discovered by researchers at the end of May, was not compromised, and was the result of configuration on Microsoft’s Power Apps, which allows customers to build data applications for their business needs. The application exposed millions of data points due to them being made publicly available as a result of a configuration in Power Apps that has since been corrected. 

Read more about the incident here.

BAN IT: Tech platforms should ban or restrict content from the Taliban, a United Nations-backed group advised Monday.

The group, Tech Against Terrorism, added the Taliban, which has regained control of Afghanistan amid the pullout of U.S. forces, to its Terrorist Content Analytics Platform (TCAP), which detects verified terrorist content online and alerts platforms of it. 

“The Taliban was one of the groups that we have considered adding to the TCAP for a long time, however in light of recent events in Afghanistan and to provide clarity for the tech companies we work with on this (admittedly challenging) content moderation issue, we have decided to accelerate inclusion of official Taliban content,” the group said in a statement.

“Whilst we appreciate that this is a challenging moderation issue, the fact that the Taliban now effectively constitutes the Afghan government should not prevent platforms from implementing their rules in this area and from removing material produced by a designated terrorist organisation,” the group said. 

Read more about the update

SCHOOLS BACK FOR HACKERS: Hackers are ready to pounce on schools and universities as they attempt to restart classes 18 months into the coronavirus pandemic while already dealing with controversial subjects such as mask mandates and hybrid learning.

Both K-12 schools and colleges have been increasingly subjected to ransomware attacks, class interruptions on virtual learning platforms, phishing emails and identity theft, further disrupting an already challenging learning environment.

“Last year was quite rough,” Doug Levin, the national director of the K-12 Security Information Exchange, told The Hill. “This year unfortunately, given the continuing challenge of responding to COVID, I think we are likely to see some school districts bouncing back and forth again between in-person and remote learning, or at least making that option available.”

Threats against the education sector have spiked over the past year, as classes have moved online with little time to prepare and under-resourced schools and colleges have struggled to cope with the increase in cyber threats that digital learning brought.

Read more about the concerns here.

ICYMI: ABOUT THAT REPORT: Facebook said that an article about a doctor who passed away two weeks after getting a coronavirus vaccine was the top-performing link on the social media platform in the U.S. from January to March, according to a report released Saturday.

Facebook executives had initially shelved the report, according to The New York Times. Instead, last week Facebook released a report with data on the most widely viewed content between April to June, raising questions about the data from the start of the year. 


The article that was a top-performing link on Facebook in the first quarter of the year, published by the South Florida Sun Sentinel and distributed by the Chicago Tribune, details an incident in which a medical doctor developed a condition that causes internal bleeding after he was vaccinated against COVID-19. He died from the condition in January. 

The article states, however, that there is not enough evidence to confirm whether or not his death was related to the COVID-19 vaccine. 

According to Facebook's report, the article was viewed over 53 million times. 

Read more here

An op-ed to chew on:  It's time to break up Big Tech's media monopoly

Lighter click: Dog days of summer



How local governments are scaring tech companies (Protocol / Ben Brody)

As Demand For Bikes Surged, Amazon Got In The Way (The Verge / Decca Muldowney) 

Who Gets the L.L.C.? Inside a Silicon Valley Billionaire’s Divorce. (The New York Times / Daisuke Wakabayashi)  

Cyber insurance market encounters ‘crisis moment’ as ransomware costs pile up (CyberScoop / Tim Starks)