Security researchers have identified a security vulnerability in how certain apps and websites access OneDrive files, which could potentially expose users’ data to broader access than intended.
Risks of Excessive or Overly Broad Permissions
OneDrive is Microsoft’s cloud storage service that allows users to store, sync, and share files across devices, making it a popular tool for both personal and professional use. Recently, security experts from Oasis Security have found that many third-party apps and websites that connect to OneDrive request broad permissions, granting access to all your files instead of just the ones you choose. This happens because of limitations in the Microsoft permission system. And when you approve an app or website to access your files, the prompt often isn’t clear about what exactly you’re allowing, which can lead to more data exposure than one realizes.
This vulnerability could have serious implications, including accidental leaks of sensitive information or privacy breaches. For example, an app that you thought only needed access to one document or specific files might actually be able to see your entire file collection.
Protect Your Account
There are some steps you can take to review and manage your permissions. You’ll want to go to your account settings then Apps & Services access. To review:
- First, log in to your Microsoft Account at account.microsoft.com.
- Go to “Privacy” and then “App Access” or “Apps & Services.” Review the list of apps and websites that have access to your account. If you spot anything unfamiliar or no longer needed, revoke access.
It is also important to be cautious when granting permissions during file uploads on websites. If a site asks for access to your files, consider whether you trust it fully—even if you only intend to work with specific files.
An alternative that can help protect your entire account is to share individual files via view-only links, rather than granting broad access. However, this may make file sharing slightly more cumbersome.
Staying vigilant—by regularly reviewing your app permissions and keeping your software up to date—is key to keeping your data secure. If you’re part of a company or organization, your IT team should also review (regularly) permissions for any connected enterprise apps.
This discovery underscores the importance of carefully managing app permissions and staying vigilant. While Microsoft is actively working to improve its permission systems, users can help safeguard their information by staying informed, regularly checking their account access, and being cautious with permission requests. Proactive management is one of the most effective way to keep your data secure.
Leave a Reply