Microsoft Pulls Docs.com Search After It Exposed Sensitive Files, Including Investment Portfolios & Password Lists
Microsoft has pulled its Docs.com search feature after reports revealed how it had been inadvertently leaking sensitive data of millions of users. Earlier over the weekend, users complained that the company’s document sharing site allowed anyone to search through millions of files for personal and potentially sensitive information. Anyone was able to use Docs.com’s search feature to search for files that have been shared using the service.
The documents that users discovered through this feature revealed personal and sensitive information, including divorce settlement agreements, birth certificates, investment portfolios, credit card statements, and even password lists. For some users, the documents also included the Social Security Number, postal and email addresses along with phone numbers. Talk about a delightful data heaven for criminals that they didn’t even need to work for.
Microsoft Docs.com shares documents publicly, by default
Microsoft’s Docs.com was originally designed to share your documents and creations with friends and others on the internet. While the company obviously hasn’t suffered any data breach, this treasure trove came to the front thanks to default upload setting of the service, which is set to public.
This resulted in potentially millions of users uploading their documents publicly without realizing they were doing so. An obviously bad design and privacy decision since this feature should have been set to private by default, similar to other products like Microsoft Word.
As ZDNet noted, files are still cached in Google’s search results, as well as on Microsoft’s Bing engine. On Microsoft’s part, the company was quick to pull the Docs.com search feature right after first reports appeared. Microsoft added that it’s “taking steps to help those who may have inadvertently published documents with sensitive information.” The company has also advised its users to update their settings.