Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Bowdon]

Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly

https://arstechnica.com/security/2017/03/doxed-by-microsofts-docs-com-users-unwittingly-shared-sensitive-docs-publicly/

On March 25, security researcher Kevin Beaumont discovered something very unfortunate on Docs.com, Microsoft's free document-sharing site tied to the company's Office 365 service: its homepage had a search bar. That in itself would not have been a problem if Office 2016 and Office 365 users were aware that the documents they were posting were being shared publicly.

Unfortunately, hundreds of them weren't. As described in a Microsoft support document, "with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing." But many users used Docs.com to either share documents within their organizations or to pass them to people outside their organizations—unaware that the data was being indexed by search engines.

I'm not sure if this is down to users ignorance, or a lack of information by Microsoft. I'm marking it down to another reason not to trust M$. I'm betting the public function is on as default (or if they can even make it private!?).

[sevenlayermuddle]

Not like me to defend Microsoft.   But Hmm, people upload documents to a sharing service, without checking who can see them .  And then they try to blame somebody else for their own stupidity and negligence?

Sorry, but imho the big lesson the public need to learn is simply, never upload anything, unless you know exactly what you are doing.  Trust nobody.

[Bowdon]

Oh I totally agree.

It does seem though that when it comes to online privacy most people don't give it much thought.

I posted on another thread yesterday how people seem to have the 'check in' function on when using facebook (and I think twitter), so if they go anywhere and type a status message then the site tells people where they currently are, so giving the signal they arent at home. There as been many instances of homes being broken in to because of that.

Even when that kinda stuff is known people are still uploading private compromising pictures to the cloud and are 'shocked' when they get leaked. I believe there was a big event a year or so ago called 'The Fappening', I'll leave you to think about what fapping is in the youngsters speak these days lol. Needless to say it involved the mass hack attack on celebrities cloud space and private material was leaked online. It STILL happens today. So these people havent learned anything.

I think the companies should take some of the blame though by keep pushing this 'cloud storage'. I don't think the average person realises what the alternative is.. i.e. attach a usb drive next to their computer. I'm sure a big majority of people don't need cloud storage, especially with their upload speeds.