Power Apps, a low-code development platform for creating business-intelligence tools, were susceptible to a default configuration that made their data sets findable by search engines or anyone with knowledge of the web address. 38 million records pf 47 organizations— containing names, dates of birth, addresses and, in some cases, Social Security numbers were exposed.