Some of the reactions:
- A massive blunder on Google's part
- Highlights why cloud-based services scare many people
- Estimates that it affected over 200,000 documents
- It doesn't paint a great future for cloud computing in general
- You can't expect commercial levels of security when you are not paying for the software
- You get what you pay for
As we noted in the Google Docs Help Forum yesterday, we've identified and fixed a bug where a very small percentage of users shared some of their documents inadvertently. The inadvertent sharing was limited to people with whom the document owner, or a collaborator with sharing rights, had previously shared a document. The issue affected so few users because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place.In addition, the fix to the problem that Google rolled out was not without its own side-effects, as some permissions got removed:
For this small percentage of documents, the bug (now fixed) occurred when the document owner, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and then changed the sharing permissions. The bug did not affect spreadsheets.
We're sorry for the trouble this has caused. We understand our users' concerns (in fact, we were affected by this bug ourselves) and we're treating this very seriously.
If neither you nor your collaborators remember removing people from the document in the last 24 hours, it's likely that the removal was the result of a fix to an issue that we released late last night. This bug (now fixed) affected a small percentage of users who may have shared permissions between some documents in their account without their knowledge. This inadvertent sharing happened only when the document owner, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. (This issue didn't affect spreadsheets.) As part of the fix, we used an automated process to remove collaborators and viewers from the documents that we identified as being affected. We apologize for the inconvenience of having to re-share your docs. We have sent notifications to the owners of impacted docs, informing them of this fix.Perhaps they should have tested more.
And perhaps you need to think twice before trusting your important information with "the cloud".
see also:
http://blogs.wsj.com/digits/2009/03/08/1214/?mod=rss_WSJBlog?mod
http://www.computerweekly.com/Articles/2009/03/10/235216/google-docs-security-its-free-what-do-you-expect.htm
http://www.itbusinessedge.com/cm/community/news/sec/blog/google-admits-privacy-glitch/?cs=30970
http://www.independent.ie/business/technology/googlersquos-docs-software-exposes-documents-on-web-to-other-users-1666443.html
http://news.cnet.com/8301-17939_109-10191463-2.html
http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your-docs-without-permission/
http://www.webpronews.com/topnews/2009/03/09/google-docs-privacy-glitch-accidentally-shares-documents
http://blogs.zdnet.com/Google/?p=1308
http://googledocs.blogspot.com/2009/03/on-yesterdays-email.html
http://www.google.com/support/forum/p/Google+Docs/thread?tid=2ef115be2ce4fd0e&hl=en
http://www.pcadvisor.co.uk/news/index.cfm?newsid=112426
http://techfragments.com/news/607/Tech/Google_Docs_Privacy_Vulnerability_Under_Control.html