Credit card details, passwords and social security numbers are just some of the highly sensitive documents leaked by an online sharing site.
Computer security researchers have revealed that Microsoft’s Docs.com is automatically sharing data – which users believed they were distributing privately among colleagues – with the public.
Anyone using the site’s search engine can access this information and the leak could affect millions of users.
The free service is linked to the software giant’s Office 365 suite of productivity programs, like Word, Powerpoint and Excel.
The Docs.com website has a search function which allows users to find publicly shared information.
Over 1.2 billion people use Microsoft’s Office products worldwide.
Businesses often use the service to share documents with colleagues, unaware that – in some cases – they are also being shared online by default.
This means confidential and sensitive information – extremely useful for identity theft – is visible to the whole of the internet.
Among the data found were dates of birth, phone numbers, email and postal addresses, and even driving license and social security numbers.
As well as more mundane items – like shopping lists and databases of customer feedback – were lists of passwords, credit card statements and divorce settlement agreements.
In a statement to Ars Technica, a spokesman for Microsoft said: ‘Docs.com lets customers showcase and share their documents with the world.
As part of our commitment to protect customers, we’re taking steps to help those who may have inadvertently published documents with sensitive information.
‘Customers can review and update their settings by logging into their account at www.docs.com’
To counter the problem, Microsoft initially removed the search function, but the information could still be found in Google’s cached search results, as well as Microsoft’s own Bing search engine.