Docs.com Users Warned to Check Sharing Settings
Users of Microsoft's Docs.com have been warned to review security settings on their account. Researchers found it was all too easy to search and find personal data contained in documents mistakenly made public.
Docs.com is designed to make it easy to share documents with other users over the Internet, including PDF files and those in Office formats, regardless of the device and operating system they are using. The site includes a search feature that lets a user look for text in any document on the service to which they have access - something that's designed to make it much easier when working with large numbers of documents.
Passwords and Divorce Deals Revealed
The service received some unwelcome attention this week when researchers pointed out that searching for terms such as "password" and "login" brought up documents that contained sensitive information. That in turn prompted people to think up other things to search for such as divorce settlements
While it's possible the people concerned simply didn't care who could see these details, it's far more likely they either weren't aware that files on the service could be publicly viewable and searchable, or that they didn't realize this is the default setting. That's in contrast to the online editions of Office applications, where created and edited documents are private by default. (Source: networkworld.com)
Three Levels of Access on Docs.com
Users can in fact choose three levels of access for documents shared through Docs.com. As well as public sharing (with the document also being available to search engines), there's an option for "limited sharing" where only people given a specific URL can access the document. The third option is to only make it available to people using a shared organization account, such as a school or business.
Users Received Double Warning
Microsoft had previously been aware of the potential for people to unintentionally over-share. Last year, it tweaked the site so that users will see at least two mentions of the document being publicly available by default before they upload it. Given the type of information that's been shared this way, that wasn't enough warning for everybody.
After this week's publicity, Microsoft briefly shut down the search function and contacted those users it believed may have inadvertently made documents public. It has since restored the search tool. (Source: theregister.co.uk)
What's Your Opinion?
Who is to blame: Microsoft or the users themselves? Should Microsoft change the service so that documents aren't shared publicly by default? Does it need to do more to warn users about the risks of sharing, or should this be obvious given it's the main point of the service?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Microsoft's fault
In the last 21 years I've been using the Internet, there has never been a need for me to share a document that would normally be stored locally (and privately) on my own hard drive for everyone to read online the Internet - aside from those I publish on this website. I am not sure what Microsoft was thinking when the default action is to publicly share all uploaded documents - unless they were hoping to cash in with search engines (by making the documents publicly available) and by placing ads next to said documents. In that case, the latter makes sense - providing full disclosure.