Information Security News mailing list archives
Dozens of companies leaked sensitive data thanks to misconfigured Box accounts
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 12 Mar 2019 07:47:09 +0000 (UTC)
https://techcrunch.com/2019/03/11/data-leak-box-accounts/ By Zack Whittaker TechCrunch March 11, 2019 Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders. Not even Box's own staff were immune from leaking data. The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others. Worse, some public folders were scraped and indexed by search engines, making the data found more easily. [...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Dozens of companies leaked sensitive data thanks to misconfigured Box accounts InfoSec News (Mar 12)