Microsoft’s file storage site lets anyone access users’ sensitive personal details extraordinarily easily

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Users of Microsoft’s Docs.com document storage service are being warned that search functionality allows anyone to access their uploaded files.

Without even signing in to the site, I was able to track down extremely sensitive personal information, including bank details, phone numbers, CVs, visa application forms and passport scans, all within a couple of minutes.

It’s an extraordinarily worrying issue, which was discovered by security researchers and first reported by ZDNet.

However, Microsoft hasn’t made a mistake, nor has Docs.com been targeted by hackers.

Rather, all files uploaded to Docs.com are stored publicly by default, and it appears that many users simply aren’t aware of this.

Microsoft is aware of the issue and temporarily removed the search bar from the Docs.com home page. However, that has now returned.

Files stored on Docs.com can also be found through Google and Bing searches.

The company has, however, now created a warning box that appears before users upload documents publicly.

“Docs.com lets customers showcase and share their documents with the world,” a Microsoft spokesperson told Ars Technica.

“As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information. Customers can review and update their settings by logging into their account at www.docs.com.”

If you have anything stored publicly on Docs.com, we’d recommend deleting it as soon as possible. You can then re-upload it privately if you wish.