Publicly Accessible BOX folders leave Companies Vulnerable to Hackers

2019, Breaches, March

Who: 90 Major tech companies and Corporate Giants​

When: 8 Mar 2019

# of records involved: Undetermined

What happened: Major tech companies and Corporate giants left data inadvertently exposed.

How did it happen: Dozens of companies inadvertently leaking sensitive corporate and customer data because their staff is sharing public links to files in their Box enterprise storage accounts that can easily be discovered. Although data stored in Box enterprise accounts are private by default, users can share files and folders with anyone, making data publicly accessible with a single link. Box advises users on how to minimize risks, however, many employees may not know the sensitive data they share can be found by others and worse, some public folders were scraped and indexed by search engines,

Outcome: Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public. BOX was warned of the larger exposures of sensitive data but noted that there was little overall improvement six months after its initial disclosure.

Malcare WordPress Security