A friend recently told me that the artificial intelligence she uses occasionally asks her: “How is your baby?” That is what happens when you share personal information with an AI. The chats become weird and perhaps scary if you actually believe AI is sentient.
Even if you don’t believe AI is sentient, I assume you wouldn’t want it to have access to your banking data. Would you?
Having your data in “the cloud” has become the norm. It does not matter whether you use an iPhone with iCloud or an Android with Google Drive; your device is almost inevitably connected to a cloud service.
It probably makes you feel your data is safer because even if your phone is destroyed in an accident, it is still in the cloud. The convenient sharing of files must be the “killer feature” for photography lovers.
Once companies figured out they could make more money by selling their software “as a service”, instead of selling it as a product you pay for just once, we got into the wonderful world where we can’t avoid using so-called webapps.
Good examples are Slack, Trello, ClickUp, Zoom, and, of course, ChatGPT. Yes, Slack can be installed as an application, but it is actually just a browser with one tab open and a lot of makeup. These services often offer integration with cloud storage services so you can share some of that data with them.
Microsoft’s OneDrive under scrutiny
Microsoft CEO Satya Nadella said in October 2015: “More than half a billion people manage their documents and photos in OneDrive.” As the company does not release usage data, that 10-year-old quote from Computerworld is the best available estimate of the number of OneDrive users. It is probably a lot smaller than the real number.
Because Microsoft (MSFT) doesn’t give any data specific to OneDrive, we have to rely on the data for Microsoft 365 products. Here are some interesting numbers from its earnings report for Q3 of fiscal year 2025:
- Revenue was $70.1 billion and increased 13% year over year.
- Net income was $25.8 billion and increased 18% YoY.
- Microsoft 365 commercial products and cloud services revenue increased 11% YoY.
- Microsoft 365 Consumer products and cloud services revenue increased 10% YoY.
Again, we don’t have the exact numbers, just the total revenue, but the revenue from 365 services is growing steadily. Considering how much money it is making and that many businesses are using it, OneDrive must be very secure, at least that is what you’d expect.
When two apps have “integrations”, we can say that both of the apps “integrating” represent non-human identities working together.
Oasis Security is a private company specializing in the management and security of non-human identities. Non-human identities are any software process, application, service, or machine that can interact with another.
On May 28th, they published an alarming research paper on Microsoft’s OneDrive.
Web apps may access all files in your OneDrive
Oasis researchers discovered that whenever you upload files from your OneDrive to a web app like ChatGPT or Slack, OneDrive’s file picker requests read access for the entire drive. This means that even when you upload a single file, the app gets access to all your files.
In this scenario, if you have banking documents on your OneDrive and you intend to give ChatGPT access to some unimportant text file, it gets access to the banking files as a bonus, along with whatever else you have there. And the best part: the permissions are valid for at least an hour. The company estimated that hundreds of apps are affected, not just the ones mentioned.
According to Oasis, they reached out to Microsoft, “which took note of the report and may consider improvements in the future”.
If you use OneDrive, you should check which apps have access to it and revoke any suspicious apps.
Oasis provided instructions on how to check your personal OneDrive accounts:
1. Log in to your Microsoft Account.
2. In the left or top pane, click on “Privacy”.
3. Under “App Access”, select the list of apps that have access to your account.
4. Review the list of apps, and for each app, click on “Details” to view the specific scopes and permissions granted.
5. You can “Stop Sharing” at any time. Consider that an Access Token takes about an hour to expire regardless of when you clicked “Stop Sharing”. This would, however, revoke a Refresh Token if present.
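To make the review in step 4 concrete, here is an added example (not from Oasis or Microsoft) that classifies the scopes shown under “Details” and estimates how long an already issued access token keeps working after “Stop Sharing”. The scope names are assumptions taken from Microsoft Graph's public permissions reference, not from this article; the app names and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumption: Microsoft Graph delegated scope names (not named in the article).
# Only these file scopes are narrower than the whole drive.
NARROW_FILE_SCOPES = {"files.read.selected", "files.readwrite.selected",
                      "files.readwrite.appfolder"}
ACCESS_TOKEN_LIFETIME = timedelta(hours=1)  # "about an hour", per the article


def audit_grant(app, scope_string, last_token_issued, revoked_at):
    """Classify one consent entry and size the post-revocation window."""
    scopes = {s.lower() for s in scope_string.split()}
    file_scopes = {s for s in scopes if s.startswith("files.")}
    drive_wide = sorted(file_scopes - NARROW_FILE_SCOPES)
    # Revoking kills the refresh token, but an access token that was
    # already issued stays valid until its own expiry.
    expiry = last_token_issued + ACCESS_TOKEN_LIFETIME
    residual = max(expiry - revoked_at, timedelta(0))
    return {
        "app": app,
        "drive_wide_scopes": drive_wide,
        "can_write": any("readwrite" in s for s in drive_wide),
        "has_refresh_token": "offline_access" in scopes,
        "residual_after_revoke": residual,
    }


UTC = timezone.utc
REVOKED_AT = datetime(2025, 6, 1, 10, 0, tzinfo=UTC)  # constructed
GRANTS = [  # constructed sample entries, not real apps
    ("ExampleChatApp", "User.Read Files.Read.All offline_access",
     datetime(2025, 6, 1, 9, 40, tzinfo=UTC)),
    ("ExampleNotesApp", "User.Read Files.ReadWrite.AppFolder",
     datetime(2025, 6, 1, 9, 55, tzinfo=UTC)),
    ("ExampleBoardApp", "Files.ReadWrite offline_access",
     datetime(2025, 6, 1, 8, 30, tzinfo=UTC)),
]


def audit_all(grants=GRANTS, revoked_at=REVOKED_AT):
    return [audit_grant(app, scopes, issued, revoked_at)
            for app, scopes, issued in grants]


if __name__ == "__main__":
    for f in audit_all():
        if f["drive_wide_scopes"]:
            print(f["app"], f["drive_wide_scopes"], "write" if f["can_write"]
                  else "read-only", "residual:", f["residual_after_revoke"])
```

An app that lists only a `.Selected` or `.AppFolder` file scope is not flagged; any other `Files.*` scope covers the whole drive.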
Overall, when protecting your data, think deeply about giving apps access in the future.