Microsoft secretly alters files in OneDrive for Business


Microsoft's OneDrive for Business cloud-based storage service has been altering people's files when syncing, either due to a bug or a deliberate policy by the software giant.

The problem was discovered by storage technology researcher Seán Byrne, who posted about it in a Myce blog post.

He experienced an endless loop when trying to sync files on OneDrive, despite following Microsoft's recommendation of clearing the cache.

When he later ran MD5summer to create MD5 hashes of synced content, he discovered that most of the files returned "Checksum did not match" errors.

Altered code

While Byrne could not see any obvious signs of damage or alteration to his files, he finally hunted down some PHP files that had additional code injected into them, which he says he is certain that neither he nor anyone else changed.

To test if this was a once-off error, Byrne then created some basic PHP and HTML files and synced them in his OneDrive for Business folder. As expected, the files were altered with new code.

Other altered files include popular extensions for Word, Excel and Publisher, which contained code that Byrne believes has been added to identify companies and specific users.

The revelation will raise doubts among many enterprise users over Microsoft's ability to ensure the integrity of files stored in its OneDrive for Business service. The problem does not affect the consumer version of OneDrive.

Via Collaborista