In case you didn’t know, Microsoft provides Office 365 users with a free document-sharing platform called docs.com. It’s a great new tool for publishing files intended for public viewing. The downside is, sensitive documents are published without the file owners’ permission. These include hundreds of users who might be unaware that their private files can be viewed by the public.
Usernames and passwords for various devices and applications; personal information such as home and email addresses, bank account details, social security numbers, and phone numbers; and medical info comprising patient treatment data and health insurance numbers — all these were some of the supposedly leaked documents, which were clearly meant to be private. A security researcher discovered that these sensitive files were accessible using docs.com’s search function.
After being alerted to the ‘leak,’ Microsoft responded by removing the search bar. However, most of the documents were already indexed by search engines, Google and Bing, which is how these docs remained available to the public despite disabling the search function.
To alleviate the damage, Microsoft launched an update that limited what users can do to uploaded files, such as restricting files to a read-only status. Although buttons to ‘like,’ download, add to collections, and share in social media are enabled, only users who enter an email address, phone number, or sign in using their Office or Microsoft account can perform any of these functions. Since anyone can easily create a Microsoft account, docs.com users may not feel at ease.
Docs.com is easy-to-use and is valuable to those eager to publish their documents. The site’s user-friendliness also makes it a popular choice for Office 365 users who wish to ‘spread their work to the world.’ Office 365 users can easily upload from their own computer, OneDrive, or Sway account, and share away. Being a free service also adds a lot of incentive for users to upload their Word, Excel, or any other file onto the site.
In an effort to solve glaring privacy issues, Microsoft has issued some key updates, such as a warning message reminding users that the document to be uploaded will be publicly available on the web. While it may seem like Microsoft committed a blunder, a stricter privacy setting and a few stronger, more visible warnings to users can help make docs.com a useful productivity tool rather than a hacker’s hunting ground.
Discerning Office 365 users can make the most out of docs.com, but they should use the service with caution. If you’ve uploaded documents with sensitive information on docs.com, now is the best time to remove them from the site, or review your privacy settings here and in other document-sharing services.
If you’re not sure how to proceed, or want to learn more about this and other Microsoft products and services, call us now for advice.
Small businesses can enhance cybersecurity without sacrificing usability by using password managers, MFA, and SSO.…
When most small business owners think about protecting their data, they usually start with backups.…
Customized IT support and proactive network management reduce manufacturing downtime, optimize shop floor Wi-Fi, enhance…
Flexible, month-to-month managed IT contracts offer businesses control, predictable costs, local support, robust cybersecurity, easy…
Transparency in IT partnerships builds SMB trust through clear SLAs, honest pricing, proactive reporting, local…
Managed IT services by Trinity Solutions simplify compliance for small businesses by managing audits, documentation,…
This website uses cookies.