Box.com plugs account data leakage flaw

Tom Spring writes:

Box.com has changed the way it handles publicly shared accounts and folders after a researcher found confidential documents and data belonging to Box.com users via Google, Bing and other search engines. While Box.com maintains this is a case of its customers unintentionally over-sharing, it says it has “fixed” the issue.

The problem stems from what Markus Neis, threat intelligence manager for Swisscom, calls a flaw in the way Box.com handles shared cloud storage accounts. Last week, he disclosed that a simple search engine query could expose confidential files of businesses and individuals to anyone on the Internet. Attackers exploiting this issue, he said, could have accessed sensitive data stored on “Collaborative” Box.com accounts managed by businesses and organizations such as Dell Technologies, Discovery Communications, biotech firm Illumina as well as accounts owned by individuals.

Read more on ThreatPost.

About the author: Dissent