Users of Docs.com are Doxing Themselves

If you or your company is a user of Microsoft's Docs.com, you may have unwittingly published your files for all the internet to see. 

Microsoft's popular cloud-based file hosting service is a go-to for quick and easy file management. Use it on your phone, and you'll have your boarding pass handy at the airport. Finishing up a last-minute project in Word that you'll need quick access to print? Docs.com can be accessed from any browser or device, allowing users to access and share their files in a snap.

This ease of access may be partly to blame for a widespread oversight among docs.com users: their files, many of them confidential, default to public share settings. The clunky UI of the platform, which requires users to scroll below the fold to see a warning and the option to uncheck the public-by-default setting on a file once it is uploaded, may also have played a part.

After researcher Kevin Beaumont discovered that a large swath of users seemed either not to have noticed this option or not to have realized that their documents were being published publicly, he and others reached out for comment.

Docs.com lets customers showcase and share their documents with the world. As part of our commitment to protect customers, we’re taking steps to help those who may have inadvertently published documents with sensitive information. Customers can review and update their settings by logging into their account at www.docs.com.
— Microsoft

The platform is also a popular tool among businesses, used to share documents internally; it is commonly used to host and share files that were likely never meant to be seen outside of an organization.

Without further ado, here are some of the most noteworthy items we found on the file sharing site, proving that you don't always have to be hacked to find yourself doxed.

Blueprints for Iranian drilling company devices

 

Passports and birth certificates

United States of America

Romania

Nigeria

India

Pakistan

South Africa

Tickets and more tickets

Cruise tickets

RYANAIR boarding pass

Ticket to the London International Tattoo Convention

Saudia airlines boarding pass

Ticket to "Geekonomicon"

A ticket to The Who concert (in Manchester!)

Prescriptions

Court Documents

A Colorado court's Division of Youth Corrections Reference Check form, with the minor's name and signature (redacted)

Court documents with annotated, handwritten notes by the defendant detail current (pictured) and prior charges, with the markups tallying points to determine if charges add up to be potential felonies

Classified Documents

An appeal from a U.S. Army Sergeant after being suspended for numerous claims, which she refutes in this document

A classified FBI document about a classified operation

Fun stuff

Knife River Garden Club Watering Schedule

Puppy contracts

"The Thermodynamics of Grilling Steak"

What to do if you or your company inadvertently shared private documents

Kevin Beaumont shared his advice for those who may have accidentally and/or unintentionally shared private documents on docs.com:

