Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com)

Posted by msmash on from the security-woes dept.

Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.

4 of 55 comments (clear)

  1. Information wants to be free by ColdWetDog · · Score: 5, Insightful

    Well, your information, not ours.

    FTFA (and a major WTF)

    All of the documents would have been uploaded by their owners, but they may not have realized that each document could be made public, which is Docs.com's default uploading setting, compared to files created or edited with Word and Excel Online, which are private until set otherwise.

    --
    Faster! Faster! Faster would be better!
  2. Isn't the cloud great? by danomac · · Score: 4, Insightful

    I don't know why people use the cloud to store sensitive documents. It just doesn't seem like a smart thing to do.

    1. Re:Isn't the cloud great? by MightyYar · · Score: 4, Insightful

      Because sometimes it's just sort of "fuck it". You can stress over every move you make online, or you can take reasonable precautions and risk recovering from something like identity theft later on. One of those reasonable precautions should probably be using something reputable and purpose-built like Dropbox or Drive rather than something that proclaims on the front page "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free". Don't use a showcase site for your private files...

      Along the lines of "fuck it", I regularly put my tax documents in Dropbox during tax season. It's reasonably safe, I think, compared to putting them in my pocket in an easily-lost USB stick or on a frequently-stolen laptop. It's not like the physical world is completely safe, either, and Dropbox and Google are going to be better at IT than I am.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Re:And this Microsoft's fault, how? by thegarbz · · Score: 3, Insightful

    This is Microsofts fault for two reasons:

    a) the default was backwards.
    b) regardless of what the default was, different defaults existed with different results based on how the file got to docs.com and the filetype, which is a privacy FUBAR in-and-of itself.