Comments on “DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems”/Security Analysis of Attribute Revocation in Multiauthority Data Access Control for Cloud Storage Systems In the above paper, Yang et al. have proposed a multi-authority ciphertext-policy attribute-based encryption-based data access control for cloud storage, in which the authors claimed that the mechanism in dealing with attribute revocation could achieve both forward security and backward security. Unfortunately, our further analysis and investigation show that their work adopts a bidirectional re-encryption method in ciphertext updating, so a security vulnerability appears. Our proposed attack method demonstrates that a revoked user can still decrypt new ciphertexts that are claimed to require the new-version secret keys to decrypt.