Microsoft Bug Deleting the Downloaded Files from Microsoft Teams and SharePoint files

Microsoft SharePoint and Microsoft Teams users report that the downloaded files are missing or moved to the Recycle Bin.

Microsoft Sharepoint administrators look into the issue, they find the SharePoint folder structure to be intact, but all of the files are missing. Ultimately, they noticed that the files have been deleted and are now located in SharePoint’s cloud recycle bin, or in some cases, a local PC’s Recycle Bin.

“We are missing hundreds of files. Strange was, that we were missing only files… folders were there. We found who deleted them (in the sharepoints recycle bin) but she claims that she did not delete anything. Because she is newcomer she was browsing through many files and she claims she found the files she opened in computer’s recycle bin the next morning”.

“Because the files, I’ve seen in her recycle bin, were deleted almost at the same time I would believe her as it would be impossible for a normal user to delete so many files in such a short timeframe. The only way to do that is to delete all folders, but only some files at some folders are deleted.”, a SharePoint admin posted to Microsoft’s community forums, looking for help.

James Watt, an IT consultant in Pennsylvania, After examining his client’s computers, he found that the SharePoint data had been deleted and was now located only in the various Recycle Bins.

Since all of the files confirm the same deleted time, were previously located in a variety of SharePoint folders, and the folder structure remained intact on SharePoint, a user couldn’t have accidentally deleted the data. Even stranger, when assisting some of his clients, he was finding that the SharePoint data was moved in some cases to the PC’s local Recycle Bin.

Ted Kinczkowski of Harbor Computer Services said via email that they experienced a similar issue where one of his clients reported that thousands of files were being deleted from SharePoint. He says he had to change the affected user’s password to prevent the data from being deleted.

While trying to access files, users are shown errors, such as the one below, stating that the file may have been deleted or that the user may not have permission to view it.

                                      Microsoft Teams error when trying to access files                  

After contacting Microsoft about the issue, James Watt was told it was related to the Microsoft advisories SP244708 (SharePoint) and OD244709 (OnDrive). Both advisories are the same and state that local copies of OneDrive for Business or SharePoint files will be restored after initiating a resync.

“Some users may have received some form of notification indicating that their files were deleted; such as a message from OneDrive stating “Remove files from all locations”, or a notice that their files were being removed from their synced folders and placed into a recycle bin.

Impacted users can manually initiate a resync to resolve the problem by restarting their machine or an automatic resync will occur within 24 hours. Subsequent file syncs will restore the files to the appropriate local folders.”.

The advisories state that “subsequent file syncs restore the files to the appropriate local folders.” Still, admins are not finding this to be the case and have to perform a manual restore. About this issue, Microsoft has not yet revealed any reason why this is happening.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Enormous Growth in RDP Attacks as Hackers Targeting Employees Working From Home

Hackers Can Exploit Windows RDP Servers to Amplify DDoS Attacks

RDP Attacks Reached Record Levels as More Employees Continue to Work from Home

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

AT&T Massive Data Breach – Affecting Nearly All Customers’ Call & Text Records

AT&T, one of the largest telecommunications companies in the United States, has disclosed a significant…

8 hours ago

FishXProxy Fuels Phishing Attacks with Clever Deceptive Attacks

Imagine receiving an email that looks legitimate, down to the last detail. This is the…

11 hours ago

Beware of Phishing Attack that Abuses SharePoint Servers

A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links.…

12 hours ago

Apple Warns of Users in 98 Countries of Targeted Spyware Attacks

Apple has alerted iPhone users in 98 countries about potential mercenary spyware attacks. This marks…

14 hours ago

Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).…

14 hours ago

4000+ Domains Used By FIN7 Actors Mimic Popular Brands

Russian-linked FIN7 (aka Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA)…

15 hours ago