OneDrive’s Security Blunder: How a Simple File Upload Could Expose Your Entire Cloud

Microsoft’s OneDrive File Picker has a security flaw that could let websites snoop through your entire cloud storage, not just the files you picked. It’s like giving a house tour and finding uninvited guests rummaging through your closet! Until a fix arrives, consider limiting file uploads via OneDrive to keep your data safe.

Hot Take:

Who knew that OneDrive’s File Picker could double as a backdoor to your life’s work? Microsoft might be inadvertently hosting a cloud party where everyone’s invited, and no one RSVPs. Time to rethink what files get to hang out in your cloud space!

Key Points:

  • Security flaw in Microsoft’s OneDrive File Picker allows potential access to entire cloud storage.
  • Flaw arises from overly broad OAuth scopes and misleading consent screens.
  • Apps like ChatGPT, Slack, Trello, and ClickUp are affected due to their integration with OneDrive.
  • OAuth tokens are insecurely stored in plaintext within browser sessions.
  • Microsoft has acknowledged the issue but hasn’t provided a fix yet.
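
For teams that embed a OneDrive picker, one way to check the "overly broad OAuth scopes" point is to classify the scopes in the authorization request your integration sends. This is an added example, not code from the article or from Microsoft. The scope names are Microsoft Graph delegated permission names that the article does not list, and the sample URLs, client ID and redirect URI are constructed placeholders.

```javascript
// Added example: classify the scopes requested in an OAuth authorization URL.
// Scope names are Microsoft Graph delegated permissions; they are not quoted on the page.
// DRIVE_WIDE: scopes that cover the signed-in user's whole drive (or more).
const DRIVE_WIDE = new Set(["files.read", "files.readwrite", "files.read.all", "files.readwrite.all"]);
// LIMITED: scopes restricted to selected files or the app's own folder.
const LIMITED = new Set(["files.read.selected", "files.readwrite.selected", "files.readwrite.appfolder"]);
const GRAPH_PREFIX = "https://graph.microsoft.com/";

function auditAuthorizeUrl(authorizeUrl) {
  const scopeParam = new URL(authorizeUrl).searchParams.get("scope") || "";
  const report = { driveWide: [], limited: [], needsReview: [], longLived: false };
  for (const raw of scopeParam.split(/\s+/).filter(Boolean)) {
    // Scopes may be written bare or prefixed with the resource URI.
    const name = raw.toLowerCase().startsWith(GRAPH_PREFIX) ? raw.slice(GRAPH_PREFIX.length) : raw;
    const key = name.toLowerCase();
    if (DRIVE_WIDE.has(key)) report.driveWide.push(name);
    else if (LIMITED.has(key)) report.limited.push(name);
    // ".default" resolves to whatever the app registration lists, so it needs a manual look.
    else if (key === ".default") report.needsReview.push(name);
    // offline_access means a refresh token is issued, so access outlives the session.
    else if (key === "offline_access") report.longLived = true;
  }
  return report;
}

// Constructed sample requests (placeholder client_id and redirect_uri).
const BASE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize" +
  "?client_id=00000000-0000-0000-0000-000000000000&response_type=code" +
  "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&scope=";
const BROAD_REQUEST = BASE + encodeURIComponent("openid offline_access Files.ReadWrite.All");
const NARROW_REQUEST = BASE + encodeURIComponent("openid https://graph.microsoft.com/Files.ReadWrite.AppFolder");

for (const [label, url] of [["broad", BROAD_REQUEST], ["narrow", NARROW_REQUEST]]) {
  console.log(label, JSON.stringify(auditAuthorizeUrl(url)));
}
```

A non-empty `driveWide` list together with `longLived: true` is the combination to question first, since it pairs whole-drive access with a refresh token.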

The Nimble Nerd