Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com)

Posted by msmash on from the security-woes dept.

Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.

19 of 55 comments (clear)

  1. Information wants to be free by ColdWetDog · · Score: 5, Insightful

    Well, your information, not ours.

    FTFA (and a major WTF)

    All of the documents would have been uploaded by their owners, but they may not have realized that each document could be made public, which is Docs.com's default uploading setting, compared to files created or edited with Word and Excel Online, which are private until set otherwise.

    --
    Faster! Faster! Faster would be better!
    1. Re:Information wants to be free by MightyYar · · Score: 4, Interesting

      Maybe, but the site does declare "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free" in like 40-point font at the top of the home page. Why are people using this if they don't want to "showcase"?

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  2. Isn't the cloud great? by danomac · · Score: 4, Insightful

    I don't know why people use the cloud to store sensitive documents. It just doesn't seem like a smart thing to do.

    1. Re:Isn't the cloud great? by MightyYar · · Score: 4, Insightful

      Because sometimes it's just sort of "fuck it". You can stress over every move you make online, or you can take reasonable precautions and risk recovering from something like identity theft later on. One of those reasonable precautions should probably be using something reputable and purpose-built like Dropbox or Drive rather than something that proclaims on the front page "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free". Don't use a showcase site for your private files...

      Along the lines of "fuck it", I regularly put my tax documents in Dropbox during tax season. It's reasonably safe, I think, compared to putting them in my pocket in an easily-lost USB stick or on a frequently-stolen laptop. It's not like the physical world is completely safe, either, and Dropbox and Google are going to be better at IT than I am.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    2. Re:Isn't the cloud great? by Anonymous Coward · · Score: 2, Informative

      Ease of use and access. The same reason people do anything.

    3. Re:Isn't the cloud great? by __aaclcg7560 · · Score: 2

      I pulled my data out of the cloud and put it on a file server. It doesn't need to live 24/7 on the Internet.

    4. Re:Isn't the cloud great? by AthanasiusKircher · · Score: 2

      It's reasonably safe, I think, compared to putting them in my pocket in an easily-lost USB stick or on a frequently-stolen laptop.

      Now you have me curious -- just how often is this laptop stolen? How many owners has it had? Why would you want to store anything on such a thing?

      Or is it your laptop, and it's stolen again and again, but you keep recovering it? If so, do you work in some sort of sensitive information industry where somebody keeps deliberately taking your laptop and then making it easy for you to find it again (after they've presumably taken any new data on it, I guess?)?

      I'm really intrigued by this "frequently-stolen laptop" -- sounds like a fascinating story.

    5. Re:Isn't the cloud great? by 140Mandak262Jamuna · · Score: 2

      I pulled my data out of the cloud and put it on a file server. It doesn't need to live 24/7 on the Internet.

      Come on, it has to be. You might not need it. But companies that index and sell information need it to be on the net and be available when their web crawler is on the prowl.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    6. Re:Isn't the cloud great? by mspohr · · Score: 3, Funny

      Research shows that there is a single "frequently stolen laptop" which has been stolen 137 times. This laptop is just a shite laptop which keeps getting stolen from Starbucks but it is so useless that people return it to Starbucks where it is stolen again by new unsuspecting thieves.
      Each thief who tries to use it enters their passwords into Yahoo mail and Facebook but it is so slow that they quickly realize that they are wasting their time and they can't even sell it to their dumb brother. Of course, this laptop contains a festering pile of malware so their passwords are immediately sent to The Great Orange One who reads their email and Tweets conspiracy theories about all of these people sending him sensitive super top secret data... so SAD.

      --
      I don't read your sig. Why are you reading mine?
  3. The homepage of Docs.com states by fattmatt · · Score: 4, Funny

    The homepage of Docs.com states ...
    -Tap below to upload your documents.
    -Later, you can choose who may view your documents.

    How much later is anyone's guess.

  4. Re:"as well as Microsoft's own search engine, Bing by Opportunist · · Score: 4, Funny

    Q: What is Bing?
    A: The sound a MS service makes when it crashes.

    Any Windows user knows it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Privacy in the "Cloud"? What's that? by Frosty+Piss · · Score: 4, Informative

    Never heard of Docs.com, but come on, uploading documents to Microsoft (or worse, Google)? You know some algorithm is looking at them even if some random human cant access them.

    --
    If you want news from today, you have to come back tomorrow.
  6. And this Microsoft's fault, how? by Chris+Mattern · · Score: 2

    Stuff you marked as world accessible is world accessible.

    1. Re:And this Microsoft's fault, how? by goombah99 · · Score: 2

      from what it says, it's the default. If so, that's assbackwards.

      --
      Some drink at the fountain of knowledge. Others just gargle.
    2. Re:And this Microsoft's fault, how? by thegarbz · · Score: 3, Insightful

      This is Microsofts fault for two reasons:

      a) the default was backwards.
      b) regardless of what the default was, different defaults existed with different results based on how the file got to docs.com and the filetype, which is a privacy FUBAR in-and-of itself.

  7. I love Microsoft... by __aaclcg7560 · · Score: 3, Funny

    Microsoft = Job Security. I wouldn't have 20+ year old technical career without Microsoft. I don't expect that to change in the next 20+ years.

  8. Microsoft restores feature. by goombah99 · · Score: 5, Informative

    this is tacked onto the bottom of the linked article:
    Update on March 27: the search feature has been added back, and is still exposing personal information. Microsoft hasn't explained why it reintroduced the feature again.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Microsoft restores feature. by zlives · · Score: 2

      because its later and the internet should have forgotten about risks already.

  9. Docs.com by jmyers · · Score: 2

    The whole point of the site is that you are putting documents there to be seen by everyone, sort of a YouTube for documents. It is a place to "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free". Showcase being the key work, hey everyone in the world, look at my pretty documents.

    I don't think this (for once) in a MS problem.