It has recently come to the notice that 90 or more of the companies have their terabytes of data and thousands of documents unknowingly exposed through the use of Box, which is the cloud-based file-sharing system. Adversis, a cybersecurity firm, was the one behind bringing up the current security concerns. The current data breaching had every document and data right from the passport details, photos, bank accounts to the financial and IT data, employee lists, and design and prototype files revealed. Even though the accounts that uploaded the data and document on the Box Enterprise are private the users have the option of sharing access using links and there are chances that some of them possessing the URL can make it publically visual.
The cybersecurity firm found some companies responsible by displaying secret links even on the search engines in certain cases. The firm decided to talk to the concerned companies but later realized the depth of the problem. Box has come forward to justify and put customers’ security as a priority and implement a more advanced level of security depending on the sensitivity of the content. Many users want to share files broadly and there is an option of custom or shared link to be changed to either open or public. This will help avoid any future unintentional file or folder from being stolen by implementing better admin policies and more control on shared links.
According to Box, if any of its URL is shared anywhere then it is Google that must have indexed it and made the content accessible. The most preventive measure is to not share the links and a similar rule applies for the public Box links having custom URLs which are used for internal sharing but not for the outside sharing purpose.
By default the public custom shared URLs will be disabled but unless users change it. The companies including Apple, Herbalife, Opportunity International, television network Discovery, and Amadeus also had their data breached. However, recently the company has reverted back saying that there is no security glitch on the part of Box as it is user’s way of using Box’s public URLs.