Review privacy settings, Microsoft users urged, over fears for uploaded files
MICROSOFT OFFICE 365 users have been warned to check their privacy settings after it emerged some files uploaded to the company’s document-sharing platform were publicly accessible.
File-sharing service docs.com is part of the firm’s Office 365 cloud platform and enables users to upload and share files with anyone they wish. However, it has been discovered the site stores files publicly by default, resulting in some users unintentionally sharing sensitive information, including passwords and health data, to the database which can also be publicly searched by anyone.
National insurance documents, pension forms and lists of passwords were found among search results, which can be accessed without a log-in.
Cyber security experts have now warned that the incident serves as the latest example of web-users not fully understanding where files can go when they are uploaded.
Security specialist Mark James from ESET said: “One of the problems with words like ‘Cloud’ is people’s perception of exactly what it means.
“We need to understand that ultimately, you’re just storing your information on someone else’s computer.
“Companies have an obligation to protect our privacy and in most cases, they can always do better, but usually the final decision of where we store our data is ours and one that we should review regularly.”
Cloud computing services work by housing data on remote servers, a system allowing users to access their files on any device.
A spokesman for Microsoft confirmed that the company was aware of the problem.
“Docs.com lets customers showcase and share their documents with the world,” the company spokesman said.
He added: “As part of our commitment to protect customers, we’re taking steps to help those who may have inadvertently published documents with sensitive information.”