back to article Microsoft gives Office 365 admins the heads-up: Some internal queries over weekend might have returned results from completely different orgs

Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider's internal search results. Register reader Dusty shared the notification, which read: "Under extremely rare circumstances, users performing internal search queries may have …

  1. My other car WAS an IAV Stryker

    But El Reg didn't use the poll-leading "Micros~1" moniker.

    Nothing like that ~# ambiguity to parallel with those wrong search results.

  2. Pascal Monett Silver badge
    Trollface

    "Under extremely rare circumstances"

    So it was a million-to-one chance, and we all know that it happened 9 times out of 10.

    No biggie, right ?

  3. Claptrap314 Silver badge

    How?

    Did they misplace a session id? Did cosmic rays interfere with a post-auth-check user id? Sun spots?

    1. Anonymous Coward
      Devil

      Re: How?

      COVID-19, the all encompassing excuse.

    2. Anonymous Coward
      Anonymous Coward

      Re: How?

      Because everything is a GUID, and they're not U.

  4. Anonymous Coward
    Anonymous Coward

    Kind of like an Office 365 version of Chatroulette.

    Vids of Clippy beating off?

    1. tony trolle

      rule 34

      https://www.reddit.com/r/rule34/comments/8cww7d/clippy_rule_34/

      1. Anonymous Coward
        Anonymous Coward

        Re: rule 34

        Needs both an upvote and a downvote.

      2. big_D Silver badge

        Re: rule 34

        Argh! NO! Hand the eye-bleach stat!

      3. Claptrap314 Silver badge

        Re: rule 34

        My mind feels a very strong compulsion to check. My eyes are screaming, pleading, yelling, and grabbing a tire-iron to stop it.

  5. Volta

    Metadata *is* data

    They've leaked user data. This should be treated as the critical breach of information security that it is. No sympathy for this being hard to get right, that's a key piece of what I'm paying them literally millions of dollars a year to do.

    1. Anonymous Coward
      Anonymous Coward

      Re: Metadata *is* data

      So are file names.

    2. jake Silver badge

      Re: Metadata *is* data

      Out of curiosity, why are you continuing to pay them all that money? They have had decades to get it right, and yet somehow they never have. Their shit constantly leaks, has never been secure, and has never really worked right. Release after release after release. For decades. Yet you continue to pay into their brokenware. Are you a glutton for punishment? Or is it simply a case of hope springs eternal?

      1. big_D Silver badge

        Re: Metadata *is* data

        Not only them. I think just about every cloud out there has had some form of breach over the years.

        The problem is, if it is your data behind your firewall, you have somebody you can shout at and, in the worst case, fire. With the big clouds, they just give a shrug of their Teflon-coated shoulders and carry on as if nothing happened.

    3. big_D Silver badge

      Re: Metadata *is* data

      And search results often have a line or so of text from the document being searched for.

      Microsoft proves that data in the cloud isn't yours, or isn't yours alone...

  6. man_iii

    Data source segregation and multi-tenancy

    When managing co-located facilities you might want to ensure that there is sufficient separation of network data and app layers not to allow any cache sharing. It might cost extra to have multiple instances for multiple customers but at least you did the sane thing of keeping the actual data not just logically separate but somewhat isolated at least. It is like using 127.0.0.1 for all customers and wondering why everyones data is exposed...

  7. seven of five

    Come to the cloud, they said.

    It will be great, they said.

    But look how much we saved.

    1. ovation1357

      Re: Come to the cloud, they said.

      Those first two sentences are word-for-word what I was going to say.

      I'd add that I've learnt a mantra from the great commentards of El Reg which is simply: There is no cloud, only someone else's computer!

      I'm not at all surprised that this has happened. You put a bunch of private stuff from several different customers on the same physical hardware and it's only a matter of time before there's a leak due to a human error or some unforeseen bug.

  8. razorfishsl

    The issue is if this relates to critical systems like Airplanes, medical or financials.....

    so you think there are 300 planes in the air becasue that's what the systems says...... but really it was a local retailer re-stocking on Tampax....

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like