Data on Box.com Exposed

Another problem for a cloud storage provider. Dozens of companies leaked sensitive data because of misconfigured Box accounts. It was fortuitous that Sharon and I gave a presentation on cloud computing this week so we had current information for the audience. According to an ITPro Today report, Box.com exposed information such as passport photos, Social Security and bank account numbers, technology prototype and design files, employee lists, financial data, customer lists, IT data and network diagrams. Apparently, 90 companies were impacted.

The problem with the data exposure should be shared by the users and Box itself. Box made a change to the formatting of the URLs for shared links. Its intent was to make the links more convenient and descriptive. Because the instructions were not clear, users set the file permissions to “public” when they should have been set to “private” or “people in your company.” Cloud security has become more complicated, especially when you give control to the end user. Box has since clarified its instructions, but you’re still bound to have mistakes when you put a human in the equation.

Email: jsimek@senseient.com  Phone: 703.359.0700

Digital Forensics/Information Security/Information Technology

https://www.linkedin.com/in/johnsimek

https://amazon.com/author/johnsimek

https://senseient.com

     

Related Stories

• Russia is Pissed – Blocks ProtonMail Encrypted Email
• Please Use a Password to Lock Your Phone
• No Genius Employees at Comcast