Bad Box configurations lead to leaks of sensitive corporate data
Dozens of organizations left terabytes of data exposed online through web links to files hosted on data-sharing platform Box, according to research published Monday. The exposed data, which spanned hundreds of thousands of documents, included Social Security and bank account numbers; hundreds of passport photos; files of technology prototypes; VPN configurations; and financial data and invoices, according to Adversis, a vulnerability assessment company. Box allows users to easily share files that, if not properly secured, are vulnerable to brute-force attacks, the research shows. After locating the sub-domains of various corporate Box accounts, Adversis researchers began brute-forcing files and folders, “returning results faster than we could review them.” TechCrunch was first to report on the data leak. As the researchers pointed out, their findings have parallels with security problems in another popular data storage service – Amazon Web Services S3 “buckets” – which are routinely exposed online. The Box issue is worse […]
The post Bad Box configurations lead to leaks of sensitive corporate data appeared first on CyberScoop.
Continue reading Bad Box configurations lead to leaks of sensitive corporate data