Microsoft's Docs.com search feature leaks sensitive files
Users of Microsoft's Docs.com website took to Twitter to complain after files marked as private were made public by the sites' search function.
In response, Microsoft pulled the search feature from the site, but it is now back up and running. Even during the time it was not possible to search the site directly, Google and Bing searches could still be conducted to reveal social security numbers, job applications, contact details, and other private information.
While it is possible to mark files as private or public, it appears that the owners of files exposed over the weekend were under the impression that their files were private and hidden away from prying eyes. ZDNet reports that a range of highly-sensitive personal information was exposed but at the moment it is not clear what’s to blame.
By default, files that are uploaded to the service are marked as public, and it is possible that users simply did not know that this was the case, or they forgot to change the visibility. A Microsoft spokesperson said the company was "taking steps to help those who may have inadvertently published documents with sensitive information."
The issue played out on Twitter as users not only complained about the exposure of information, but also sharing images of data that had been found. The problem was exacerbated by not only searches still being possible thanks to Google and Bing caching data, but also that Docs.com's default privacy setting is different from Microsoft's online Office tools.