Microsoft's Docs site still leaking sensitive info

By on
Microsoft's Docs site still leaking sensitive info

Reinserted search function not yet fixed.

Microsoft's Docs.com document sharing website continues to reveal private content uploaded by users despite the software giant's assurances that it has addressed the problem.

Microsoft earlier today said it had taken down the Docs.com search function after ZDNet reported it allowed anyone to find sensitive documents through targeted terms such as "password", "application", and "home address".

But the search function quickly reappeared towards the end of the day, and continues to deliver sensitive results like credit card statements, job applications, curricula vitae, and medical information and security clearance forms, iTnews has confirmed.

The documents can be viewed in a web browser and downloaded, and can also be shared by viewers, who don't have to be logged in, on social media and via email, iTnews testing showed.

Viewers can also like the documents, and add them to collections of their choosing.

Adding insult to injury, Microsoft's Bing search engine has indexed a range of documents with sensitive information from Docs.com.

Microsoft set up Docs.com for users to "showcase and discover" documents from the company's products such as the Office productivity suite, Sway, Adobe PDF files, and Minecraft.

The company had not responded to request for comment by the time of publication.

Update: A Microsoft spokesperson offered the below comment:

"Docs.com lets customers showcase and share their documents with the world. As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information.

"Customers can review and update their settings by logging into their account at www.docs.com."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
In Partnership With

Most Read Articles

Log In

Username / Email:
Password:
  |  Forgot your password?