Jump to content

Microsoft Accidentally Exposes User Personal Files, Including Password Lists


CrAKeN

Recommended Posts

microsoft-accidentally-exposes-user-pers

 

Docs.com document sharing platform

 

Microsoft’s Docs.com, the company’s document sharing platform integrated into the Office productivity suite, accidentally exposed user files that were supposed to be private.

 

According to reports, the search feature available on Docs.com displayed documents that weren’t configured to be public, with Microsoft quickly acknowledging the issue and removing the search box altogether to protect its users.

 

And yet, some of the documents that were made public remained available in other ways, including Google’s cached results and even Microsoft’s own Bing search engine.

 

Microsoft is yet to provide a statement to explain what exactly went wrong and how users’ private files ended up being publicly accessible, but there’s a good chance it all happened by accident and no hack is involved whatsoever.

 

Credit card statements also exposed


It appears that among the documents that were exposed, there were also password lists, credit card statements, and other sensitive documents that included personal information such as Social Security Numbers, dates of birth, addresses, and driving license numbers.

 

By default, the Docs.com sharing option is configured to “public,” which means that users need to manually make their files private should they not want other people to access them. Making them available in the search results, however, exposes users to identity theft, so users who believe they might have been impacted by this error are recommended to get in touch with Microsoft.

 

The simple fact that Redmond reacted quickly and removed the search feature completely is living proof that providing access to these documents wasn’t supposed to happen, so we’ve reached out to the company to ask for more information on why the document sharing service exposed these files.

 

In case you’re wondering, the Docs.com service is only meant to help share documents like stories using a social approach that includes personalized pages and custom profiles. This could obviously raise questions regarding the type of information that users agreed to upload, but this doesn’t necessarily mean that everything should become public when the privacy switch is on.

 

Source

Link to comment
Share on other sites


  • Replies 1
  • Views 419
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...