Google Drive file shared publicly
Description
AlphaSOC detected that a Google Drive document was made publicly accessible. This occurs when sharing settings are changed to allow anyone with the link to access the document, making it discoverable and accessible to anyone on the internet.
Impact
Public documents can expose sensitive organizational data to unauthorized parties. Adversaries actively search for publicly shared documents to discover confidential information, credentials, or intellectual property. Public sharing may also violate data protection regulations and compliance requirements.
Severity
| Severity | Condition |
|---|---|
Medium | Google Drive document made public |
Investigation and Remediation
Review Google Workspace audit logs to identify which document was made public, who changed the sharing settings, and when the change occurred. Assess the sensitivity of the exposed content.
If the public sharing was unauthorized, immediately restrict the document's sharing settings. Review access logs to determine if the document was accessed by unauthorized parties during the exposure period. Implement data loss prevention (DLP) policies to detect and prevent public sharing of sensitive content.
Known False Positives
- Documents intentionally shared publicly for marketing or communication
- Templates or resources designed for public access
- Collaboration scenarios requiring broad access