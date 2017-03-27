Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com) 20
Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.
Well, your information, not ours.
FTFA (and a major WTF)
All of the documents would have been uploaded by their owners, but they may not have realized that each document could be made public, which is Docs.com's default uploading setting, compared to files created or edited with Word and Excel Online, which are private until set otherwise.
That's a serious design-level security bug. Morons.
Maybe, but the site does declare "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free" in like 40-point font at the top of the home page. Why are people using this if they don't want to "showcase"?
Microsoft restores feature. (Score:2)
this is tacked onto the bottom of the linked article:
Update on March 27: the search feature has been added back, and is still exposing personal information. Microsoft hasn't explained why it reintroduced the feature again.
Isn't the cloud great? (Score:4, Insightful)
I don't know why people use the cloud to store sensitive documents. It just doesn't seem like a smart thing to do.
Because sometimes it's just sort of "fuck it". You can stress over every move you make online, or you can take reasonable precautions and risk recovering from something like identity theft later on. One of those reasonable precautions should probably be using something reputable and purpose-built like Dropbox or Drive rather than something that proclaims on the front page "Showcase and discover Microsoft Word, Excel, PowerPoint, OneNote, Sway, Minecraft world and PDF documents for free". Don't use a showcas
Q: What is Bing?
A: The sound a MS service makes when it crashes.
Any Windows user knows it.
The homepage of Docs.com states (Score:2)
The homepage of Docs.com states
...
-Tap below to upload your documents.
-Later, you can choose who may view your documents.
How much later is anyone's guess.
Privacy in the "Cloud"? What's that? (Score:3)
Never heard of Docs.com, but come on, uploading documents to Microsoft (or worse, Google)? You know some algorithm is looking at them even if some random human cant access them.
And this Microsoft's fault, how? (Score:3)
Stuff you marked as world accessible is world accessible.
from what it says, it's the default. If so, that's assbackwards.
