Google Docs: error allowed unauthorised document access
Google has closed a vulnerability in its Google Docs service that could have allowed unauthorised access to documents. The problem was discovered when a Dutch company found that several users had unauthorised access to company documents. According to Google, only a small percentage of users were affected by the problem.
The problem occurred when a user selected several documents at once and changed the sharing permissions. Google Docs would then share all those documents with everyone who originally had access to only one. The issue was confirmed to have affected documents and presentations, but not spreadsheets.
Google has emailed users who were affected, providing details of the vulnerability and informing them that it has been fixed. Users are being advised to delete any suspicious documents and check access permissions for the documents they already own. Google said in its email "This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document".