Fortune 100 sites leaking sensitive data

By Derek Sooman on December 19, 2005, 8:09 PM
Newly published research has revealed that the websites of many Fortune 100 firms host publicly accessible files that expose potentially sensitive data such as user names and email addresses. The research analysed Microsoft Word, PowerPoint and Excel files available on the websites of some of the world's biggest firms, and found that thousands of user IDs and email addresses, comments and track changes, and hundreds of PowerPoint files were available.

The study, conducted for Bitform, a developer of software components for content inspection and security, analyzed 8,038 files for more than two dozen specific types of metadata and hidden information that have the potential to expose proprietary or confidential information, breach corporate policies and open security holes.

It warned there are "thousands of instances" of information exposure that was likely not intended to be made public. One such instance was a white paper from a computer manufacturer containing comments intended for internal review only, which acknowledged scalability limitations of a partner product.

The researchers behind this study have suggested that this problem is more severe for smaller companies that don't have the resources or processes to review the information that is made available to the public.
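
A pre-publication check for the kinds of hidden data the study counted (user names, email addresses, comments and track changes), as an added example that is not part of the original article or the Bitform study. It assumes the zip-based .docx format rather than the binary Office files of the study's era, and the sample document and every name in it are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MAX_PART = 20 * 1024 * 1024  # refuse oversized parts (decompression bombs)

def audit_docx(data: bytes) -> dict:
    """List author names, e-mail addresses, comments and tracked changes."""
    report = {"people": set(), "emails": set(), "comments": [],
              "tracked_changes": 0, "skipped": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if not info.filename.endswith(".xml"):
                continue
            raw = z.read(info) if info.file_size <= MAX_PART else None
            if raw is None or b"<!DOCTYPE" in raw:  # oversized part or DTD present
                report["skipped"].append(info.filename)
                continue
            report["emails"].update(EMAIL_RE.findall(raw.decode("utf-8", "replace")))
            for el in ET.fromstring(raw).iter():
                if (info.filename == "docProps/core.xml" and el.text
                        and el.tag.endswith(("}creator", "}lastModifiedBy"))):
                    report["people"].add(el.text)       # document properties
                if el.get(W + "author"):
                    report["people"].add(el.get(W + "author"))  # reviewer names
                if el.tag == W + "comment":
                    report["comments"].append("".join(el.itertext()).strip())
                elif el.tag in (W + "ins", W + "del"):
                    report["tracked_changes"] += 1      # unaccepted revisions
    return report

def build_sample() -> bytes:
    """Constructed sample .docx; every name and sentence in it is invented."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    parts = {
        "docProps/core.xml": '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>jdoe</dc:creator><cp:lastModifiedBy>asmith</cp:lastModifiedBy></cp:coreProperties>',
        "word/comments.xml": f'<w:comments {ns}><w:comment w:id="0" w:author="asmith"><w:p><w:r><w:t>Internal only: ask jdoe@example.com about scaling limits</w:t></w:r></w:p></w:comment></w:comments>',
        "word/document.xml": f'<w:document {ns}><w:body><w:p><w:ins w:id="1" w:author="rlee"><w:r><w:t>new text</w:t></w:r></w:ins><w:del w:id="2" w:author="rlee"><w:r><w:delText>old text</w:delText></w:r></w:del></w:p></w:body></w:document>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(build_sample()))
```

A non-empty `people`, `emails` or `comments` entry, or a non-zero `tracked_changes` count, is a reason to hold the file back from the public web server until it has been cleaned.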




User Comments: 32

smtkr said:
I have not done a study of my own, but I think Intel does this the right way, with an intranet portal that is separate from the public intel.com. It doesn't really matter though, as most people carry sensitive data in and out of Intel. Once employees' laptops are outside the network, all of that sensitive data is vulnerable. I know plenty of employees who have spyware infesting their company computers.
zephead said:
somehow i'm not surprised this is being discovered...as i understand it this has been going on for years. it just goes to show you how the internet has affected the security of so-called 'private' information.
Bartzy said:
Couple of months ago, there was a show on Television about that. They showed how vulnerable big firms really are, and it is quite shocking. Internal information is accessible easily, and sometimes bad things occur. Companies just don't take these things too seriously (until something really bad is happening). Take Valve for example. Half-life 2 codes were leaked outside of the company's computers, and the game was delayed for months because of that.
mofoed said:
Agreed, most companies don't go through the process of data security enough to prevent things like this from happening, until of course something does happen.
vigilante said:
Seems like an easy problem, just keep the personal data non-web-accessible. But apparently that must be very difficult. This is why I will probably never trust any online company to keep my personal data "safe". And why I don't embrace this so called "live" software where your data AND programs run entirely off the Internet, requiring NO locally installed programs or data store. It just scares me.
PanicX said:
These problems are compounded even more by user unawareness and deceptive software practices. The fact that Microsoft Office products hide metadata in their files is a horrible security nightmare. I can't blame a user on my network for sending out an Excel spreadsheet in email or hosting a PowerPoint slideshow on a website. They don't knowingly put sensitive information in these documents. The problem stems from the software writing sensitive information into the files' metadata without notifying the user. Here you can find a good article about keeping your office documents clean: http://www.addbalance.com/usersguide/metadata.htm
dbuske said:
I am beginning to think that it is impossible to make a secure website or application. This analogy fits perfectly: They put money in fortress like vaults to keep the honest people honest. A professional has ways to get in no matter what steps are taken to stop them. I really think to keep credit card #'s and account #'s on-line is very dangerous. I don't think they can keep the data safe.
mentaljedi said:
I don't care about the big companies. They're too big headed so if they don't realise what's going on, tough luck! As for us, I wouldn't care so much if my email was leaked (got lots of spam anyway) but credit cards? DON'T GO THERE!!!
osram said:
Errr. Well I do care about User Privacy. If companies don't care about securing the privacy of their customers it's only confirming global situation: poor people get stuck in the nets of law.. and the rich ones can do what they want. Things are getting worse and worse.. it is a very critical time. And if such issues are put on a light shoulder and are taken easy we can just see where "spying on normal people" will lead to. control. manipulation etc. George Orwell's 1984, I don't want to be a panic emo kid, but just don't go for the soap lying on the shower-floor.. as he will raise from the dead and give all the ignorants some good from behind. o.X
barfarf said:
This is so true, I was using a website copier program to download an entire company's website. I only wanted to look at the css source code to understand how they did a certain design feature on their main webpage. Well the next thing I know I have all these PowerPoint and Excel files. I just deleted them but I bet there was no-no info in the meta data.
PUTALE said:
With our information nowadays being stored in a lot of places, it's always a big risk that someone, somewhere, some companies will "accidentally" leak the info. I think it just goes to show the insecurity of computer software.
OmniWraith said:
Hey. Great News! Instead of selling one's personal info. like passwords, usernames etc. to certain companies, let's just make it readily available to anyone that visits the website! So much for trustworthiness among online businesses.
subin_tc said:
This is so true, I was using a website copier program to download an entire company's website. I only wanted to look at the css source code to understand how they did a certain design feature on their main webpage. Well the next thing I know I have all these PowerPoint and Excel files. I just deleted them but I bet there was no-no info in the meta data.
anas_t said:
People sell this for money .. I bet a lot of spam messages came from them actually because they sell our e-mail addresses to companies
zachig said:
I'm 100% sure that our email addresses are being sold on the internet. It's a known fact. I'm also not surprised to see that Word/Excel/PowerPoint files from a lot of companies can be found on the Internet. This is part of the well-known 'Industrial-Spying' that's been going on in recent years. And this problem is just getting bigger and bigger :-(
Eko said:
A despicable character, Heinrich Himmler, once said: Two men can keep a secret, if one of them is dead. Unfortunately, with the evolution of the computers, we are now spied on easily, since the communications have had such a large growth lately. What, you really thought you have something private on the Internet?! Laughable. Just remember how many times you've heard about credit card thieves, frauds and so on. Best way to protect: Stay off the Net with the private info :)
Reformado said:
A friend of mine said once: Amazing the ability of MEN of dreaming. But really amazing it's his ability to make those dreams come true!
Mark Steele said:
Over the last couple of weeks I have experienced a large increase of Spy/Malware & Trojan activity... it's been a daily battle to keep on top. These were detected with Norton Antivirus Corporate edition and Spybot.... I had a hard time getting rid of "IBM000001.exe" or the remains of it anyway... finally I used XoftSpy... Spybot did resolve this issue, even though it was up to date. XoftSpy also found a dozen other nasties hiding in there.... I therefore recommend this to anyone experiencing this type of problem.
Cy6erpuke said:
Not a big surprise! Everyone is going webcentric. In order to access everything from everywhere, the challenge will always be security and confidentiality. Yet another example of a great idea, without careful planning, making someone look like an *****.
jimoer said:
For sensitive data security they need to develop a barcode system for laptops: when the person is leaving the security of the sensitive company they work for, slip the laptop through a scanner encrypting, disabling all delicate matters.
wolfgrw said:
A Californian nanotech based company, Calmec, http://www.calmec.com/company.htm, has built a small device that can contain up to 2000GB!! :D It has only a cubic inch of size!! :D The Future is small, very very small!! :D
loon69 said:
just joined hope to enjoy the experience
rwmassey said:
I be trying to win the new vid. Card, wish me luck ok.
wkozey said:
Would it not be easier with less worries if sensitive data was kept someplace safe like not on a computer that has internet access and only the persons authorised to view such data had access to it.
minis_z said:
techspot.com Love it cool.. I want 7800GT!! hope I can win this videocard <3!!
djleyo said:
great!!! thank you T.S. for the non-geographical restriction!!!! I want soo bad this card hope luck is on my side.... djleyo
tonyd123 said:
hope to win the card, had to put my old one back in, the new upgrade self-destructed after 2 months. hope it's nothing to do with this worm!!! ha ha
Adwin said:
This is why you don't go around using Microsoft software. Get a decent Linux install and you won't have to worry about any security issues, as long as you have some decent rules defined in iptables.
kkruse said:
Hook me up with a 7800 GT please??!?!?!?!?
Thebrownknight said:
Heard rumor that Russian company starting G-card making. Anybody hear anything?
ema_eslam said:
we all are winners
ema_eslam said:
i like that i really want to win it