Microsoft's Docs.com is sharing dangerously sensitive personal files and information

Microsoft's Docs.com is sharing dangerously sensitive personal files and information

If you use Microsoft’s Docs.com to store personal documents, stop reading this and make sure you aren’t inadvertently leaking your private information to the world.

Microsoft sets any documents uploaded to the document sharing site as public by default—though it appears that many users aren’t aware of it. That means anyone can search Docs.com for sensitive personal information that wasn’t manually set private. PCWorld found social security numbers, health insurance ID numbers, bank records, job applications, personal contact details, legal correspondence, and drivers license numbers with just a few minutes of searching.

The issue was recently uncovered by security researchers and first reported by ZDNet on Sunday. For a short time, Microsoft removed the site wide search function from Docs.com, but the functionality was back as of Monday morning.

Using basic search techniques, we were able to spot numerous documents containing extremely personal details, finding more than enough information in many of the documents to expose users to identity theft and social engineering attacks. Due to the sensitivity of the information, we won’t publish or link to any of the files we’ve reviewed.

Sharing your work with the world

The reason there is so much public personal information on Docs.com can be chalked up to user confusion about what Docs.com really is, as well as a somewhat problematic design by Microsoft.

The tagline for Docs.com is “Share your work with the world.” It’s a way to put Office documents on the web without hosting them on your own website. As such, files are set to public by default, though you can adjust each document’s privacy settings. The majority of online document and productivity services—including Microsoft’s Office Online and Google Docs—default to keeping files private by default, requiring you to explicitly authorize documents you want to make public.

docscom1 Brad Chacos/PCWorld

What a user first sees when they upload a document to Docs.com.

As for the design issue, the “Visibility” setting that informs users their documents will be public requires users to scroll far down the left-hand navigation column during the upload process. There’s little reason to scroll down, however, since the Save button is immediately visible.

docscom3 Brad Chacos/PCWorld

Microsoft’s warning dialog.

At this writing, and to Microsoft’s credit, a warning box does appear after clicking Save, letting users know that any information they upload will be public. But the warning box is in the same column as the Save button and many users likely click Save a second time without reading it.

The impact on you at home: As we said earlier, if you are using Docs.com for any documents, it would behoove you to check what you have up there and remove anything with personal information.

In general, it’s a bad idea to save documents with personal information on any online service, be it Docs.com, or cloud storage services like Dropbox or OneDrive. If you must upload personal information, then learn to use strong encryption for your documents prior to putting them online. That way if hackers gain access to your account they won’t be able to read your personal data.

IDG Insider

PREVIOUS ARTICLE

«10 powerful, obscure Windows keyboard shortcuts you should know

NEXT ARTICLE

Fitbit Alta HR review: The best fitness tracker for most people»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?