Microsoft’s public-by-default file sharing site
This morning on Twitter, I saw that @rosyna had retweeted this tweet from @GossiTheDog:
https://twitter.com/gossithedog/status/845446263244050434
That seemed insanely scary, so I did a quick search on docs.com for password 1I am not revealing anything secret here; the original tweet went to thousands of people, and many have already noted the number of shared password files.. The results were quite shocking—hundreds of files containing full login information to major sites—Apple, AT&T, Facebook, Gmail, Linkedin, Netflix, PayPal, Twitter, etc.
It seems crazy to think that these users are intentionally sharing this information with the world. I wanted to see how it was happening, so I logged into docs.com with my Office365 account to see. I created a simple file to upload as a test. After uploading, you have to set a bunch of options before you save the file; one of the settings is the Visibility, and this is the default setting:
Yes, docs.com defaults any uploaded file to world-visible, "giving it a larger audience." Yikes!