In a new development, Microsoft has rolled back a feature that allowed users to search for millions of public documents on its document sharing site Docs.com, without any restriction. This feature has been around for long, and it enabled users to access sensitive information of any user without any permission or request.
This was done after many users took to Twitter to complain about this slip-up that allowed anyone to search through millions of documents on the site easily. Search results on Docs.com "included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements - some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses," ZDNet reports.
Microsoft has quietly pulled the search feature down from the site without any notice, making it more look like it's a slip-up on the Redmond giant's part. A Microsoft spokesperson told ZDNet that the company was "taking steps to help those who may have inadvertently published documents with sensitive information."
The report also states that the files were still cached in Google and Bing's search results for everyone to see. There has been no breach on Docs.com, but the worst part is that perpetrators did not even need to hack Docs.com to gain sensitive information, as it was easily accessible through the search feature.
While Microsoft should have had a more stringent search feature in place at first, the users at their end also mistakenly published documents without having realised that they have gone public. The Docs.com's default setting is to make the file public, unless the user sets it specifically as private. Microsoft should have reversed the default setting keeping privacy as top priority. For now, we recommend users to head to their account and update the privacy setting immediately.
No comments:
Post a Comment