If you or your company is a user of Microsoft's Docs.com, you may have unwittingly published your files for all the internet to see.
Microsoft's popular cloud-based file hosting service is a go-to for quick and easy file management. Use it on your phone, and you'll have your boarding pass handy at the airport. Finishing up a last minute project in Word that you'll need quick access to print? Docs.com can be accessed from from any browser or device, allowing users to access and share their files in a snap.
This ease-of-access may be in part to blame for the wide-scale oversight of many docs.com users that their files, many confidential, default to public share settings. The clunky UI of the platform, which requires users to scroll down below the fold to see a warning and option to uncheck the public-by-default setting on their file once uploaded, may also have played a part.
After researcher Kevin Beaumont discovered that a large swath of users seem to have failed to either notice this disabling option or note that their documents were being published publicly, he and others reached out for comment.
The platform is also a popular tool among businesses, used to share documents internally; it is commonly used to host and share files that were likely never meant to be seen outside of an organization.
Without further ado, here are some of the most noteworthy items we found on the file sharing site, proving that you don't always have to be hacked to find yourself doxed.
Blueprints for Iranian drilling company devices
Passports and birth certificates
Tickets and more tickets
What to do if you or your company inadvertently shared private documents
Kevin Beaumont shared his advice for those who may have accidentally and/or unintentionally shared private documents on docs.com:
Curious about something you've read on our blog? Want to learn more? Please reach out - we're more than happy to have a conversation.