Short URLs Considered Harmful for Cloud Services

by killwhitey on 4/14/2016, 12:22 AM with 5 comments

by itcrowd on 4/14/2016, 9:00 AM

Ouch. Microsoft handles it a little worse than Google. From the "Disclosure" section:

> We notified Microsoft about the security and privacy risks of short OneDrive URLs on May 28, 2015. [...] “Brian” from Microsoft’s Security Response Center (MSRC) informed us on August 1, 2015, that the ability to share documents via short URLs “appears by design,” and thus “does not currently warrant an MSRC case.” [...] Microsoft changed the API so that the account traversal methodology [...] no longer appears to work. As of this writing, all previously generated short OneDrive URLs remain vulnerable to scanning and malware injection.

> We notified Google about the privacy risks of short Google Maps URLs on September 15, 2015. Google promptly responded to our report. As of September 21, 2015, newly created short URLs to Google Maps have 11 or 12-character tokens and are thus not vulnerable to brute-force scanning.

by themodelplumber on 4/14/2016, 2:46 AM

I thought this was going to be about link rot or something but not security...wow, quite fascinating