Microsoft had to warn a subset of Office 365 administrators over the weekend that their organisation might have inadvertently featured in an outsider’s internal search results.
Register reader Dusty shared the notification, which read: “Under extremely rare circumstances, users performing internal search queries may have received search results from another organization.”
Yowzer. That is quite the blunder.
The notification went on to explain: “At no time were the files that were displayed accessible to the user who received the incorrect search results.”
Thank heavens for small mercies. The warning added that refreshing the page or performing “any other actions” removed the incorrect data and replaced it with the correct results from the search query.
Kind of like an Office 365 version of Chatroulette. You never know what you might see. Hit refresh and the horror is gone.
The notification went out to those affected and was preceded by some PowerShell script to view the title and URL paths associated with the results. Tenant administrators were advised to run the commands “to identify the exact search query results data which were inadvertently viewed”.
A selection of unique IDs was also provided.
In a slightly pantomime-esque turn of events, the initial PowerShell notification was removed and then resent later today. “Admins coming into the office Monday morning,” said Dusty, “were dismayed and confused by the incomplete information.”
The Register understands that the problem was a transient one and can’t be reproduced by users. A spokesperson from the Windows giant told us: “The issue has been resolved. At no time were contents of search results accessible.”
Clicking something in the results would have thrown an authorisation error or simply cleared them, we understand.
Hands up all those who have accidentally done a SQL outer join and sat baffled at the results before hideous realisation dawned? Not that we’re suggesting this is what happened here – Microsoft remains tight-lipped about the cause – but we like to show a bit of empathy every now and again. Just as those few customers who found themselves briefly staring at another organisation’s results will do as well… Microsoft hopes. ®