Tencent Docs has a serious security vulnerability: anyone can directly access the images in a document

Tencent Docs has a serious security hole: the images inside a document are exposed directly on the Internet, and anyone can access them.

Software address: https://docs.qq.com

While using Tencent Docs recently, we found that the images inside a document have no access restrictions at all; anyone who guesses the address can open the image directly. The only protection applied to the images is some basic anti-hotlinking.

How to reproduce

1. Create a new document, insert an image into it, then right-click the image and choose "Copy Image URL".

2. Open the URL in a new incognito browser window, or ask a friend to open it in their browser. The image is directly accessible, even if the document is set to "private".

3. The URLs of different images differ only in a hash value, which means the address space could be enumerated by brute force and every user's images downloaded.

We tried this for a long time: even with only a few machines, part of the document images could be obtained.

If a user is careless and the document contains sensitive information, that information is leaked directly.

We will check the security of other cloud document services later. Choosing a cloud service still calls for caution: even a giant like Tencent has such weak security design that users' document images can be opened directly.
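The root cause described above is that an image URL is a bare, guessable hash with no binding to the document, the viewer or an expiry. The following is an added example (not Tencent's code) of how a service can issue signed, short-lived image URLs and check them server-side, so that a guessed or copied URL is refused; the endpoint `example-docs.invalid`, the server secret and the `can_view_doc` ACL callback are assumptions constructed for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed example secret; a real service keeps this server-side only.
SECRET = b"example-server-secret"
# Hypothetical image endpoint used for the example.
BASE = "https://example-docs.invalid/img/"


def sign_image_url(image_hash: str, doc_id: str, user_id: str, expires: int) -> str:
    """Bind an image URL to a document, a viewer and an expiry time.

    A URL that differs only in the image hash can be guessed; the HMAC
    signature cannot, because computing it requires the server secret.
    """
    msg = f"{image_hash}|{doc_id}|{user_id}|{expires}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    query = urlencode({"doc": doc_id, "uid": user_id, "exp": expires, "sig": sig})
    return f"{BASE}{image_hash}?{query}"


def authorize_image(url: str, viewer_id: str, can_view_doc, now: int) -> bool:
    """Server-side check: signature, expiry, viewer identity and document ACL.

    Every condition must hold; the image itself is never served by hash alone.
    """
    parts = urlsplit(url)
    image_hash = parts.path.rsplit("/", 1)[-1]
    q = parse_qs(parts.query)
    try:
        doc_id, uid = q["doc"][0], q["uid"][0]
        expires, sig = int(q["exp"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return False  # unsigned or guessed URL: reject
    msg = f"{image_hash}|{doc_id}|{uid}|{expires}".encode()
    expected = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False  # tampered path or query (e.g. a different image hash)
    if now > expires:
        return False  # link has expired; a leaked link goes stale
    if uid != viewer_id:
        return False  # link copied to another account or an anonymous session
    return can_view_doc(doc_id, viewer_id)  # document ACL still applies
```

An anonymous incognito session has no `viewer_id`, so the copied link from step 2 above is refused; the hash-only URL from step 3 has no signature and is refused before any lookup.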


Origin: www.oschina.net/news/107415/docs-qq-pic-exposed