Google Docs is a popular web-based document editor and often used within teams to exchange data in documents with each other.
Each document can be viewed by anyone if the link ever gets referenced somewhere (for example chats, emails, screenshots, or recordings), indexed or leaked somewhere when the document's view permissions are not set properly.
A Google Docs link is easy recognizable, an example:
https://docs.google.com/document/d/{documentId}/edit
If the document is not meant to be public, cross-check your General Access settings for that specific file.
To do so:
- Open your Google Document file
- Click on File
- Click on Share
- Select Share with others
- A new popup will appear
- Make sure to select Restricted under General Access
- Finally, click on Done to save your settings
As you can see, in this example the full document link was shared (intentionally). This happens more often than expected.
Team members may occasionally share Google Documents with other co-workers and enable access for anyone. It also happens that they share direct link through various mediums (screenshots, screen recordings, emails, etc.)
If the document happens to contain sensitive company data or data that is meant for internal use only, you introduce the risk of it being accessed by unauthorized users.