Friday, July 14, 2023

OneDrive Leaks Photos via E-mail

loyall (2021, via Hacker News):

Today I received an email from OneDrive. The message said, “Look back on your memories from this day.” This email contained images of photos from my OneDrive Backup. […] My question is how did someone gain access to my cloud documents and publish on the internet? What and how much do I need to be afraid of? What can I do to protect myself?😟

Apparently, OneDrive really does send these e-mails, exposing public links to thumbnails of private photos.

3 Comments

OneDrive does (or at least did) do that, but the links to the images appear to have a 200-character at least somewhat random ID (so they're likely impossible to guess), and as far as I can tell, are only temporarily active. If I open old OneDrive emails, none of the images show anymore.

This does seem kind of a stupid thing to do, but not quite as stupid as it initially appears.

Thank you for posting this. I have purged several emails via the web app, which takes several attempts.

Also look for emails with the subject "your weekend recap".

For email novices, prefix your search query with "from:photos@onedrive.com" without the quotes.

Each day I'm happier and happier that I decided to put all my files inside a Cryptomator container. It was a pain in the ass at first, but the peace of mind of not suffering from leaks like this was worth it.
