Microsoft's Docs.com Leaks Personal InformationBad UI Design Combined with Inattentive Users = Inadvertent Breach
Microsoft's Docs.com file-sharing service has been an open window to viewing people's personal data. The company appears to have taken some steps to contain the exposure, but those watching closely say sensitive personal information can still be found via search engines.
Docs.com is designed as an online repository that lets people to share their data easily with others. The site also has a search function to find files.
"It would appear that some people aren't aware that documents uploaded to docs.com are made public by default."
A U.K.-based researcher, Kevin Beaumont, began searching for sensitive terms and turned up a raft of worrying data, including password lists, bank account details, Social Security numbers.
He jokingly dubbed Docs.com as Dox.com, a reference to the practice of doxing, where hackers publish sensitive information online against the wishes of a victim.
"People clearly don't understand how the service works," he writes on Twitter.
Poor UI Design
The data exposure isn't the result of a direct error by Microsoft. Rather, it would appear that some people aren't aware that documents uploaded to docs.com are made public by default. That's unlike other file uploading services that default to private access.
Docs.com displays a preview of a newly uploaded document. There's a left hand panel of controls that lets users add a description and author. But you have to scroll down to see a warning that the document will be public by default. The top third of the panel shows a save button that publishes the document to the web.
To keep the document off the public web, a user has to choose the "limited" option, which only allows those who have a direct link to the document to view it.
Since Beaumont began tweeting about the problems on March 24, it appears Microsoft has taken action. The company removed the search feature from docs.com for a while, but for some inexplicable reason, reintroduced it.
As such, it is still possible to find documents with information that it's plausible to assume users would not want exposed. Since the documents have been exposed to the internet, search engines may have cached some of the data. As of March 28, it was possible to use Google to do a site-specific search of docs.com and retrieve data whose owners probably don't realize is public.
Microsoft officials aren't getting into the details of how it is handling the leak. It does appear that some docs.com accounts with flagrant personal information have been flagged, as documents that show up in a Google search can't be rendered.
"As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information," Microsoft says in an email statement. "Customers can review and update their settings by logging into their account at www.docs.com."
Enforce the Safer Option
Microsoft may not be directly responsible for the data leakage, but it definitely made some horrendous design choices. Clearly, making documents public by default was a bad decision.
The security community knows well that lightly enforcing the safer option is always best. It's unreasonable to expect that users are going to carefully examine any UI interface and choose the safest option.
While the ultimate fault does rest with users here, Microsoft should have seen this coming.