Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly
On March 25, security researcher Kevin Beaumont discovered something very unfortunate on Docs.com, Microsoft's free document-sharing site tied to the company's Office 365 service: its homepage had a search bar. That in itself would not have been a problem if Office 2016 and Office 365 users were aware that the documents they were posting were being shared publicly.
Unfortunately, hundreds of them weren't. As described in a Microsoft support document, "with Docs.com, you can create an online portfolio of your expertise, discover, download, or bookmark works from other authors, and build your brand with built-in SEO, analytics, and email and social sharing." But many users used Docs.com either to share documents within their organizations or to pass them to people outside their organizations, unaware that the data was being indexed by search engines.
You can probably see where I'm going with this and https://t.co/3TC07CB8gE. pic.twitter.com/zCJAcNNx3a
- Kevin Beaumont (@GossiTheDog) March 25, 2017
Within a few hours, Beaumont, a number of other researchers, and Ars found a significant number of documents shared with sensitive information in them, some of them discoverable by just entering "passwords" or "SSN" or "account number."