What's creepy about Microsoft's Docs.com portal?

Microsoft’s Docs.com shares documents uploaded to the site as public by default, albeit many users are unaware, and many people even go as far as uploading their bank statements to the file sharing site.

While a simple search on Docs.com turns up sensitive information, such as: health insurance ID numbers, social security numbers, personal contact details, legal correspondence, among other personal data.

Microsoft had inadvertently removed the site wide search function from Docs.com, but as at the time of this post, the search function has been restored.

The issue was uncovered by security researchers, attributing the “exposure” setting that require users to scroll far down the left-hand navigation column during the upload process, for the public default of users documents.

Docs.com as the tagline depicts “Share your work with the world” was conceived as a way to put Office documents on the web without hosting them on your own website.

There are so much public personal information on Docs.com, as a result of design issue with the site, which doesn't require you to explicitly authorize documents you want to make public.

Microsoft, however, has responded by placing a warning box after clicking Save, to let users know that any information they upload will be public.
Next Post »