. home.aspx



File Sharing Links Leave Data out of the Box

March 12, 2019 / Kacy Zurkus

Security researchers have found that hundreds of thousands of documents were unintentionally leaked after multiple companies left sensitive corporate and customer data exposed on their Box enterprise storage accounts. The issue, though, is not a vulnerability but a feature of Box, according to researchers. “After identifying thousands of Box customer sub-domains through standard intelligence gathering techniques and using a relatively large wordlist, we discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers,” researchers at Adversis wrote in a blog post. “The issue could be compared to AWS S3 buckets publicly hosting any manner of documents. Not all are sensitive, but often times they are. On one hand this issue is worse than the S3 bucket issue because finding a company's Box account is fairly easy, unlike with S3 bucket names which can be long and difficult to guess. On the other hand, employees seem much less li...