Shared files sent via Google Drive could have shared more than their senders intended, Google admitted this week – in a Google Drive privacy post where the internet giant admitted that certain file types could be visible to people other than their intended recipients.
Google recently updated Drive with tools to make it more appealing for business, but the storage system is already commonly used in business to share and edit files. Google has issued detailed instructions for Google Drive users who fear they may have shared confidential information.
Google has patched the Google Drive privacy problem, and issued detailed instructions on what file types are affected (files created in other programs and stored unconverted in Google Drive, and shared with ‘anyone who has the link’).
Infoworld says, “Google’s handling of the matter is further evidence that the company has a good nose for how to deal with such exploits. But here’s also hoping Google applies the lessons from this discovery to all its services.”
Veteran security researcher and We Live Security contributor Graham Cluley, writing on the Intralinks blog, says that the leak, “underlines the unexpected dangers which can arise from allowing “anyone who has the link” to access your private data without further authentication.”
Google’s Drive privacy post explains which files may be at risk – yours are only at risk if they fulfill ALL of the following conditions;
If this is the case, admins on the third-party website may have been able to see a URL which allowed them to click through to sensitive data.
Cluley points out that in certain business scenarios – such as corporate takeover bids – this could plausibly have resulted in the target of such a bid being able to read the details freely online.
Google has patched the issue – so that any documents shared via the service going forward will no longer be affected by the privacy problem.
This, however, does not affect documents that have already been shared via the service. Google Technical Program Manager Kevin Stadmeyer advises, “If one of your previously shared documents meets all four of the criteria above, you can generate a new sharing link with the following steps:
In its guide to using Google Drive privately, the company advises users to make sure that documents are shared correctly – i.e. users should think carefully about whether ‘anyone who has the link’ is an appropriate setting for a confidential file…
Author Rob Waugh, We Live Security