May 30, 2025 Newsletter
Security: Privacy nightmare: Microsoft OneDrive gives AI chatbot full read access to user content

Cybernews

A massive vulnerability in the implementation of Microsoft’s OneDrive File Picker exposes a user’s entire OneDrive content, the Oasis Security cyber research team uncovered. File Picker is a Microsoft-provided tool that lets web or mobile apps select user files directly from OneDrive cloud storage when the user wants to upload or share them. However, according to the report, if the user uses the tool even once to upload a single file to a third-party service, such as ChatGPT, Slack, Trello, or ClickUp, that service gains access to all of the user’s files. Researchers estimate that hundreds of apps are affected and that they maintain this access for extended periods.

“Millions of users may have already granted these apps access to their OneDrive. This flaw could have severe consequences, including customer data leakage and violation of compliance regulations,” Oasis warns.