English
Arabic
French
Spanish
Portuguese
Deutsch
Turkish
Dutch
Italiano
Russian
Romaian
Portuguese (Brazil)
Greek
This OneDrive Flaw Might Share Your Entire Drive With ChatGPT, Slack, More
A recently identified security flaw in Microsoft OneDrive's file-share function may have given third-party services access to your entire cloud backup rather than just one individual file.Oasis Security says vague language in OneDrive's File Picker feature suggests people are only sharing access to one file. However, millions might have shared access to entire accounts across multiple services, and some of those services may still have access to files. Supported services include ChatGPT, Slack, Trello, Zoom, and hundreds more. OneDrive, meanwhile, houses files from users' Microsoft accounts, so this issue may have exposed data such as PDF documents or photographs alongside other files."The official OneDrive File Picker implementation requests read access to the entire drive—even when uploading just a single file—due to the lack of fine-grained OAuth scopes for OneDrive,” Oasis Security says. "While users are prompted to provide consent before completing an upload, the prompt’s vague and unclear language does not communicate the level of access being granted, leaving users open to unexpected security risks."Recommended by Our EditorsOasis explained how permissions work using ChatGPT. The request reads, "ChatGPT will be able to open OneDrive files, including files shared by you." For many users, this may suggest it only has access to the exact files shared, but it gives the app access to your entire cloud backup.The permissions given to ChatGPT when connecting with OneDrive.Oasis Security told Microsoftabout the flaw before sharing it, and Redmond said it is considering a fix. However, there is no clear roadmap for when it will arrive. We asked Microsoft for comment.How to Secure Your Data, Revoke Permissions on OneDriveYou may want to ensure your information is locked down so these services can't access private or confidential docs. To do that, go to your Microsoft account and head to Privacy in the left-hand corner. Here you’ll find an option called App Access, which will display a list of applications you’ve given permission to access your account.Here, you can see which individual permissions you’ve given each application. If you want to remove a service, click Stop Sharing. This may take up to an hour to take effect.
#this #onedrive #flaw #might #share
This OneDrive Flaw Might Share Your Entire Drive With ChatGPT, Slack, More
A recently identified security flaw in Microsoft OneDrive's file-share function may have given third-party services access to your entire cloud backup rather than just one individual file.Oasis Security says vague language in OneDrive's File Picker feature suggests people are only sharing access to one file. However, millions might have shared access to entire accounts across multiple services, and some of those services may still have access to files. Supported services include ChatGPT, Slack, Trello, Zoom, and hundreds more. OneDrive, meanwhile, houses files from users' Microsoft accounts, so this issue may have exposed data such as PDF documents or photographs alongside other files."The official OneDrive File Picker implementation requests read access to the entire drive—even when uploading just a single file—due to the lack of fine-grained OAuth scopes for OneDrive,” Oasis Security says. "While users are prompted to provide consent before completing an upload, the prompt’s vague and unclear language does not communicate the level of access being granted, leaving users open to unexpected security risks."Recommended by Our EditorsOasis explained how permissions work using ChatGPT. The request reads, "ChatGPT will be able to open OneDrive files, including files shared by you." For many users, this may suggest it only has access to the exact files shared, but it gives the app access to your entire cloud backup.The permissions given to ChatGPT when connecting with OneDrive.Oasis Security told Microsoftabout the flaw before sharing it, and Redmond said it is considering a fix. However, there is no clear roadmap for when it will arrive. We asked Microsoft for comment.How to Secure Your Data, Revoke Permissions on OneDriveYou may want to ensure your information is locked down so these services can't access private or confidential docs. To do that, go to your Microsoft account and head to Privacy in the left-hand corner. Here you’ll find an option called App Access, which will display a list of applications you’ve given permission to access your account.Here, you can see which individual permissions you’ve given each application. If you want to remove a service, click Stop Sharing. This may take up to an hour to take effect.
#this #onedrive #flaw #might #share
·128 Views