Amaya Toman In recent times, due to poor security, confidential data of Apple and other large companies almost became public. The fault is a bad configuration of the Box cloud storage, which allowed unauthorized persons to access sensitive data. The bug was discovered by security researchers.
Cloud service providers usually tout the security of their storage along with the ease of sharing stored data. Placing data on the servers of these services always carries with it a certain risk of their discovery and misuse, despite how much the operators try to secure them. It can also happen that sensitive ones become public without the credit of a third party.
It could be interest you
David Hanak Researchers from Adversis recently they found out, that the data of some of Box Enterprise's major clients is at risk. TechCrunch reported that simply by using the sharing function, the mentioned data was exposed to the possibility of disclosure. These were literally hundreds of thousands of documents and TB of data from hundreds of important clients using the Box service.
The problem was the way files could be shared via links on custom domains. Once Adversis employees discovered the link, it was easy for them to brute force other secret links on the subdomain.
It could be interest you
According to Adversis, Box advised account administrators to configure shared links so that only people within the company can access them. In this way, their exposure to the public was to be avoided.
According to Adveris, the data that could easily become public and thus misused included, for example, passport photos, bank account numbers, social security numbers or various financial and customer data. In Apple's case, these were specifically folders containing "non-sensitive internal data" such as price lists or log files.
Other companies whose data in Box storage was potentially compromised include Discovery, Herbalife, Pointcate, as well as Box itself. All the companies mentioned have already taken the necessary steps to correct the error.
