Wednesday, August 13, 2014

Google Drive Leaks Users Personal Data

Google Drive Leaks User Personal Data

A new privacy problem within Google drive has been found; it resulted in personal data being exposed to unauthorised parties. The security problem has now been fixed by Google, but it now shows us how easily our private data can be leaked out of cloud storage, the problem was allowing “anyone who had the link” to access our personal data with no further authentication. How it works: Basically the flaw was open to anybody who had a clickable URL on their cloud file sharing service. If you or anyone you shared permissions to this file clicked on the URL then the owner of the third party website would be able to see a referrer URL, and if they accessed that URL then they would potentially be gaining access to your private and sensitive information.

Google explained that only a “small subset of file types” in Google drive where affected by this flaw and it was fixed as soon as possible.

The issue only affects you if all the following apply:

The file was uploaded to Google drive

The file was not converted (i.e. it remains as its original format e.g. .docx, pdf etc)

The owner enabled the sharing setting “anyone with the link”

The file contained URL’s (hyperlinks) to third party HTTPS website(‘s)

It would be smart to copy any previous files placed into the Google drive and delete the original copy to ensure that your personal data is once again safe.