Microsoft removed Docs.com’s search engine after exposing millions of private files by mistake
Microsoft has removed the search feature of Docs.com, its integrated document sharing platform in Office, after users complained that personal files and other personal information had been exposed, as recorded in SoftPedia.
Apparently, the complaints have been constant on Twitter throughout the weekend. As reported by users, through the integrated search engine you could access documents and files hosted on the web, which should remain private.
According to media such as ZDNet, among the sensitive information exposed are lists of passwords, employment acceptance letters, investment portfolios, divorce agreements and credit card account statements. According to the media, some of the latter included social security numbers and driving licenses, birth dates, telephone numbers and postal and electronic addresses.
Although Microsoft removed the search function last Saturday, some of the documents that had been made public were still available from the Google and Bing cached versions, the Redmond company search engine.
It was an accident
According to SoftPedia, Docs.com’s document sharing option is configured as “public”, which means that users must manually indicate that their files are private and that they do not want anyone else to access them.
What consequences does it have that could be found as search results? According to the media, users are exposed to identity theft as a result, so it is recommended that users who have seen their exposed data contact Microsoft.
What does seem to be more or less clear is that the fact that the Redmond company has reacted so quickly, and has eliminated the search function completely, is that this should not happen and that it is an accident.
Who is responsible? It depends on how you look at it. On the one hand, users whose data has been exposed could have verified that their documents, in fact, could not be accessed publicly. On the other hand, that Microsoft has reacted at this speed means that the company also has its share of responsibility.
For its part, Microsoft has not yet made comments to explain what has gone wrong or how the private files of users ended up being accessible by the general public. What does seem clear is that it was an error that they have tried to solve as soon as possible, although it remains to be known what the company has to say.