TechCrunch reports that roughly 90 high-profile companies have had corporate data exposed through their Box accounts:
The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders.
Not even Box’s own staff were immune from leaking data.
The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.
Worse, some public folders scraped and indexed by search engines, making the data found more easily.
In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.
Adversis first reported the issue to Box back in September, and has waited until today to make it public, to give companies time to remove sensitive data. Which is nice of them. But it illustrates the perhaps misplaced trust that companies have in cloud services. I say that because having your stuff “in the cloud” doesn’t remove the responsibility of making sure that the stuff in question is properly secured. Given that companies mentioned in this article include Amadeus, Apple, Box, Discovery, Herbalife, Edelman and Pointcare, this incident should serve as a warning to everyone else who uses services like these to store company data.
Like this:
Like Loading...
Related
This entry was posted on March 11, 2019 at 11:43 am and is filed under Commentary with tags Box. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
90+ Companies Have Had Their Company Data Exposed Through Their Box Accounts…. Yikes!
TechCrunch reports that roughly 90 high-profile companies have had corporate data exposed through their Box accounts:
The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders.
Not even Box’s own staff were immune from leaking data.
The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.
Worse, some public folders scraped and indexed by search engines, making the data found more easily.
In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.
Adversis first reported the issue to Box back in September, and has waited until today to make it public, to give companies time to remove sensitive data. Which is nice of them. But it illustrates the perhaps misplaced trust that companies have in cloud services. I say that because having your stuff “in the cloud” doesn’t remove the responsibility of making sure that the stuff in question is properly secured. Given that companies mentioned in this article include Amadeus, Apple, Box, Discovery, Herbalife, Edelman and Pointcare, this incident should serve as a warning to everyone else who uses services like these to store company data.
Share this:
Like this:
Related
This entry was posted on March 11, 2019 at 11:43 am and is filed under Commentary with tags Box. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.