Your Data could be going all over the ruddy shop

MICROSOFT OFFICE 365 users are inadvertently sharing sensitive documents because they don't understand the way sharing works.

Passwords and health information were also found through docs.com, the search engine element of Microsoft's online Office suite.

Kevin Beaumont revealed the problem in a series of tweets in which he outlined some of his findings.

.@InvertedLina there's loads. People clearly don't understand how the service works. It defaults to Publicly accessible, which is the prob. — Kevin Beaumont (@GossiTheDog) March 27, 2017 Google still index https://t.co/3TC07CB8gE. In fairness to Docs team it clearly says Publicly Viewable when publishing content. pic.twitter.com/7B63r0B9gH — Kevin Beaumont (@GossiTheDog) March 26, 2017

Microsoft has already said it is "working on" a solution. It took down the search box from docs.com but it has since reappeared without a fix for the problem.

A statement from Microsoft said: "As part of our commitment to protect customers, we're taking steps to help those who may have inadvertently published documents with sensitive information.

"Customers can review and update their settings by logging into their account at www.docs.com."

The problem comes in the way that sharing of documents is handled. The default is to share a document with all and sundry, and that makes it available for indexing. To share with a private group, you have to specify the group or individuals within it separately. The same is true of other sharing services like Dropbox and Google Drive, but they don't seem to be leaking information in the same way.

According to Auntie Beeb, further investigations revealed the information was not only freely available, but still cached on both Google and Bing after deletion.

Information including National Insurance numbers, social security details, banking details and passwords were amongst the nuggets found by the white-hat community which began exploring the exploits after Beaumont unearthed them.

Of course, Microsoft products falling foul of insufficient explanation is nothing new.