Were Your Private Files and Information Leaked by Docs.com?

Posted by Holger Dyroff – 31. March 2017

This past Sunday ZDnet’s Zack Whittaker was the first to report that Microsoft’s document sharing site, Docs.com, has been leaking users’ personal files and information.

Leaky Cloud“Users had complained over the weekend on Twitter that anyone could use the site’s search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private.

Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements — some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses.”—Jack Whittaker, ZDnet, “​Microsoft pulls then revives Docs.com search after complaints of exposed sensitive files”

This latest leak just adds one more reason to our long, and ever growing, list of reasons as to why, when it comes to sensitive data, the only person you should trust is yourself. Simply stated, privacy is not ensured on these cloud services.

Docs.com may seem appealing as a means of searching for documents, but ownCloud offers a full text search functionality (based on Elasticsearch), that allows users to find documents and files based on the content within their files, rather than just the file name. This is made possible via the Elasticsearch, an open-source search engine that indexes files in ownCloud and thus enables very performant searching on content level.

Whittaker goes on to say that:

“In an age of data breaches, leaks, and exposures, this incident falls within a unique set of parameters.

It’s clear that Microsoft hasn’t suffered a data breach, though its users have inadvertently had their data exposed. Who’s to blame depends on how you look at it. All of the documents would have been uploaded by their owners, but they may not have realized that each document could be made public, which is Docs.com’s default uploading setting, compared to files created or edited with Word and Excel Online, which are private until set otherwise.”

At ownCloud, we take security very seriously and we know that it encompasses broad considerations, processes and technologies.  ownCloud installs in your data center; managed by you, to your policies, following your procedures. Encryption at rest secures your files on the server and still allows sharing among users. The File Firewall ensures all access requests meet rules set by the administrator, and existing infrastructure – such as intrusion detection and log management – can provide added layers of security. With WebDAV, mobile libraries and the ownCloud API as well as several enterprise-only apps, secure file sharing is in your control.

Have ease of mind over your data with ownCloud!