San Francisco — Search engine giant Google acknowledged that a privacy flaw within its free Google Docs online word processing service that inappropriately caused some private documents to be exposed, the company has confirmed. Just a small number of users was affected, and the issue has now been fixed.
Engineers discovered a flaw in the Google Docs of some of the users over the weekend, which was marked down as collaborative items, allowing third parties who are also signed up to the system to access and amend them, initially posting about it in the official Docs Help forum. The flaw, Google representatives believe, was limited to less than 0.05 percent of all documents within the system — and the files affected were exposed only on a limited basis. The flaw has now been fixed said the company.
“We have identified and fixed a bug where a very small percentage of users shared some of their documents inadvertently,” said the company in a blog posting.
“This inadvertent sharing was limited to a fraction of people with whom the document owner, or a collaborator with sharing rights, had previously shared a document,” explains Jennifer Mazzon, product manager of Google Docs.
The flaw did not affected all functions of Google Docs. Text documents and presentations could be accessed by others but spreadsheets could not. Google is contacting everyone who was hit by the problem.
“The issue affected a small number of users because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place.”
That sequence of actions involved a user choosing more than one documents within his or her account, then making any type of adjustment to the files’ “share” settings. Both documents and presentations were affected. Spreadsheets, however, retained their appropriate privacy settings in spite of the flaw.
Nevertheless, the documents were shared only among people whom the Google Docs users had already shared documents, rather than with the world at large, but the problem represents one downside of cloud computing, in which Internet servers host software previously run on a person’s own computer.
The good news: If you did not receive an e-mail to the address associated with your Google Docs account, your account was not affected. Google directly contacted each user whose documents might have been compromised, indicating within the message specifically which files may have been shared.
“We are sorry for the trouble this has caused,” Mazzon says. “We understand our users’ concerns — in fact, we were affected by this bug ourselves — and we are treating this very seriously.”
This illustrates the flip side of a cloud-computing benefits, that a person can get access to those documents from any Internet-connected computer or smartphone, is that technical problems or hacking attempts also can expose private information.