Security News > 2020 > May > Office 365 exposed some internal search results to other companies

Office 365 exposed some internal search results to other companies
2020-05-20 12:48

The Register reported that an admin was told that their company's internal search results had been made visible when queries were run by users from another company.

At no time were the files that were displayed accessible to the user who received the incorrect search results.

It's not clear how many accounts were caught up in the incident but Microsoft is said to have made available the URL paths and metadata associated with the results so admins could "Identify the exact search query results data which were inadvertently viewed."

More broadly, is Microsoft 365 security as watertight as it could be? The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency recently drew attention to the security of Microsoft 365.

Office 365's search issue is minor but disconcerting.


News URL

https://nakedsecurity.sophos.com/2020/05/20/office-365-exposed-some-internal-search-results-to-other-companies/