When sharing a folder with a password, notification exposes images in body of email


When sharing a folder with a password, the email notification will sometimes contain images from that folder in the body of the email. This could result in a data leak as these images are exposed via a publicly available URL and because email is considered an insecure medium. This functionality does not appear to be optional, as I could not find a way to turn it off. I've had trouble reproducing the issue reliably. It seems that the email notification will randomly contain images from the shared folder.

 

Requested change: allow user to turn off this incidental photo sharing in email notification for protected folders.

 

Reproduce:

1. In OneDrive, right-click on a folder that contains pictures.

2. Click share a folder -> Share Settings -> Set "can view" and set a password -> Apply.

3. Send to an email.

4. Check the received email. The email notification will contain a random subset of pictures from the folder. The picture URL(s) can be accessed universally. When attempting to access the folder itself, OneDrive requires a password.
