Microsoft has been forced to pull the search feature from its Docs.com website after it was found to be inadvertently leaking private data on millions of users.
Over the weekend it was discovered that the search feature allowed users to browse through millions of files shared from other users that contained potentially sensitive or personal information.
This meant that anyone who used the search feature could look at a document or file that had been shared using the service.
Some of the documents discovered in the leak were found to be items such as credit card statements, mortgage proposals, birth certificates, divorce settlements and investment portfolios.
Some of these documents included data such as social security numbers, addresses, email addresses and in some instances even the passwords to online accounts, which would have been rich pickings should any of this info have fallen into the hands of cyber criminals.
Reading a report by ZDNet it sounds like it was by pure luck that that hackers were not able to take advantage of the glitch.
Docs.com was designed by Microsoft to help users easily share documents with friends or colleagues.
While Microsoft stresses it has not suffered a data breach, the incident occurred because any documents uploaded to Docs.com are made public by default. This meant that millions of unwitting users made their documents public without even realising it.
In response Microsoft it promptly removed the search feature once the glitch was discovered and that it is “taking steps to help those who may have inadvertently published documents with sensitive information.”
Microsoft is also advising all users to double check their security settings.