Users of Microsoft Office 365 leaking their data onto Bing and Google after 'over sharing'

Office 365 users inadvertently sharing their documents with all and sundry

Users of Microsoft Office 365 are leaking sensitive documents online because they don't understand how the sharing function in the cloud-based office application suite works.

Passwords and health information were among the documents found via Docs.com, the search engine element of Microsoft's online Office suite.

Security architect Kevin Beaumont revealed the problem in a series of tweets in which he outlined some of his findings.

Microsoft has already said it is "working on" a solution. It took down the search box from docs.com but it has since reappeared without a fix for the problem.

A statement from Microsoft said: "As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information."

"Customers can review and update their settings by logging into their account at www.docs.com"

The problem comes in the way that sharing of documents is handled. The default is to share a document with all and sundry, and that makes it available for public indexing.

To share with a private group, you have to specify the group or individuals within it separately. The same is true of other sharing services, like Dropbox and Google Drive, but they don't seem to be leaking information in the same way.

According to the BBC, further investigations have revealed that the information not only remains freely available, but has also been cached on both Google and Bing, and is still available even after deletion.

Information including National Insurance numbers, social security details, banking details and passwords were among the nuggets found by the white-hat community, which began exploring the exploits after Beaumont unearthed them.