Security Researchers found that Microsoft searchable Docs.com service users have exposed a lot of their information like passwords and other private data on the Internet.
Microsoft description reads that “Docs.com is an online showroom where you can collect and publish Word documents, Excel workbooks, PowerPoint and Office Mix presentations, OneNote notebooks, PDF files, Sway stories, and Minecraft worlds. With Docs.com, it’s easy for you to share with others what interests you, and your content looks great on any device.”
Thus, you may observe that Docs.com service allows people to easily exchange documents, it implements a useful search engine that helps users to search them for keywords.
Microsoft further describes that - “Anything you publish with Public visibility will appear in worldwide search engine results and can be shared by you and others on social media sites. This option is a great way to get your work noticed. On the other hand, anything you publish with Limited visibility does not appear in search engine results and can be viewed only by people with whom a direct link to your content has been shared. Similarly, anything you publish with Organization visibility does not appear in search engine results and can be viewed only by those who sign in with a school or work account from your school or organization.”
Information Security experts analysed the service for inscribing such highly sensitive private information. Their study concentrated on looking at files and documents containing search keys like “password” and “confidential”.
It is found that users are inadvertently sharing personal and sensitive data via Docs.com. The experts have found bank account details, password lists, medical records, social security numbers and even a divorce settlement or two.
This kind of information, needless to say, is a boon to attackers for illegal purposes such as financial scams and identity thefts.
The experts found that thousands of people from Office 365 subscribers with Microsoft single-sign on accounts were giving sensitive documents. Following this discovery, Microsoft has temporarily shut down the search engine and alerted the subscribers.
A spokesperson of Microsoft told that “As part of our commitment to protect customers, we’re taking steps to help those who may have inadvertently published documents with sensitive information.”
We advise the users that it is essential to check every time security and privacy settings of the system to keep away from such issues.
No comments:
Post a Comment