In an Office 365 Tenant, you must be careful with External Sharing in a few different scenarios:
1) If your organization has migrated from an existing on premise Farm in which you used “NT AuthorityAuthenticated Users” to grant permissions
2) If your organization is making use of External sharing via “Everyone” (including external users) in Office 365
If your organization’s Office 365 Admin has allowed External Sharing for Authenticated Users:
And has also enabled External Sharing on 1 or more External Site Collections:
If a Site user shares anything (a document, folder, library, site etc.) with an external user:
That user become part your Organization’s Office 365 Tenant Directory.
Once part of this Directory, Any Site Collection that is configured for External Sharing and has permissions granted to securables via “NT AuthorityAuthenticated Users” or “Everyone” will now be available to all External Users (as well as organization users) with whom anyone at your company has shared anything with
Be extremely careful to review your permissions before opening up external sharing!