Box Mistakes Leave Enterprise Data Exposed

  /     /     /  
Publicated : 23/11/2024   Category : security


Box Mistakes Leave Enterprise Data Exposed


User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.



Sharing public links via custom URLs to private files in Box enterprise storage can lead to more than productive collaboration: it can expose sensitive data to anyone with a search engine and a well-formed query. 
Security firm Adversis discovered hundreds of Box customers who had hundreds of thousands of documents and terabytes of data exposed. In the blog post announcing the find, Adversis said it originally intended to notify all the companies whose data they found, but the scale of the discovery quickly made that impossible.
This is not a bug in Box, the researchers said: Its an advertised feature thats working precisely as it should but was misconfigured by users. Tech blog TechCrunch worked with Adversis and found large, public companies that had exposed millions of customer names, email addresses, phone numbers, and other sensitive information. When contacted, those companies took the sensitive information offline.
Box posted
a blog
 explaining the proper use of custom URLs in the application, and noted that it is adding several protections to limit possible confusion or misconfiguration that could expose data, including disabling the default setting in Box Admin for public custom-sharing URLs. We are working on a variety of methods to limit the unintended discovery of open/public links and prevent content access by external parties, the post said. 
In a statement to Dark Reading, Pravin Kothari, CEO of CipherCloud said, A single misconfiguration can cause havoc as all your sensitive information could be exposed to the public or hackers by a users inadvertent action. Not only do you have to deal with reputational damage, but if the exposed data had regulatory requirements then youre also looking at stiff penalties.
Box spokesperson Denis Roy told Tech Crunch: We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.
For more, read
here
and
here
.
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Box Mistakes Leave Enterprise Data Exposed