Box 잘못 설정으로 민감한 회사 데이터 누출

ment 3/16 '19 posted 뉴스 IT

• Adversis는 발견된 데이터 중에서 여권 사진, 은행 계좌 및 사회 보장 번호, 암호, 직원 목록, 인보이스 및 영수증과 같은 재무 데이터, 고객 데이터를 찾았습니다.

• 회사는 기밀 데이터의 더 큰 노출에 대해 경고하기 위해 Box에 연락했지만 첫 공개 후 6 개월간 전반적인 개선이 거의없는 점에 유의했습니다.

• Apple은 일부 폴더가 노출되었으며, 그 중에는 로그나 지역 가격표 등 중요하지 않은 내부 데이터로 보이는 것이 포함되어 있었습니다.

• 더욱이 일부 공용 폴더는 검색 엔진에 의해 스크랩되고 색인이 생성되어 데이터를 보다 쉽게 찾을 수 있습니다.

• 영양 거대 기업인 허벌 라이프 (Herbalife)는 이름, 이메일 주소, 전화 번호 등 약 10 만 고객의 파일과 스프레드 시트가 포함된 여러 폴더를 공개하고 있었습니다.

Security researchers have found dozens of companies inadvertently leaking sensitive corporate…

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts [techcrunch.com]

Confidential Apple files exposed to public in…

Confidential Apple files exposed to public in misconfigured Box account [appleinsider.com]

While data and documents uploaded to Box Enterprise…

Dozens of companies using Box inadvertently shared private data (updated) [www.engadget.com]

Written by Sean Lyngaas Mar…

Bad Box configurations lead to leaks of sensitive corporate data [www.cyberscoop.com]

We began enumerating for sub-domains of other company's Box accounts through standard open source…

Pandora's Box: Another New Way to Leak All Your Sensitive Data [www.adversis.io]

newest replies popular replies

Open Wiki - Feel free to edit it. -

3/16 '19 answered

New: Security researchers say they've found enterprise cloud storage accounts leaking customer databases, patient insurance records, donated body part prices, backdoor passwords to city water works, and more. https://t.co/uJUtNqz2OT
— Zack Whittaker (@zackwhittaker) March 11, 2019

Wow. It's possible to enumerate Box share links. Dozens of companies leaked sensitive data. They should use proper hashes as Nextcloud does. https://t.co/wuFgNKza9o
— Frank Karlitschek (@fkarlitschek) March 11, 2019

Sheer silence from tweet happy @levie about how a company built on notion of stronger security and privacy is deafening. Next time perhaps less jokes, more security should do @Box a world of good. #customer https://t.co/xD4qrrcYZa
— OM (@om) March 11, 2019

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts https://t.co/Nq1fjAhOeZ pic.twitter.com/OPD1fC4aSx
— Rich Tehrani (@rtehrani) March 11, 2019

Some of the companies that exposed corporate or customer data from their Box enterprise accounts:
• Apple
• Amadeus
• Discovery
• Edelman
• Herbalife
• Schneider Electric
• ...and Boxhttps://t.co/uJUtNqz2OT
— Zack Whittaker (@zackwhittaker) March 11, 2019

Did you buy Box because of claims that it's designed for secure external sharing? "More than 90 companies inadvertently exposed hundreds of thousands of documents via Box, a cloud-based file-sharing system" | Read: https://t.co/kJ4bQ86wgq > DM us for details & risk assessment! pic.twitter.com/xCbvg9quyo
— e-Share (@e_share_) March 11, 2019

If anyone was wondering... https://t.co/uJUtNqz2OT
— Zack Whittaker (@zackwhittaker) March 11, 2019

Wow. It's possible to enumerate Box share links. Dozens of companies leaked sensitive data. They should use proper hashes as Nextcloud does. https://t.co/wuFgNKza9o
— Frank Karlitschek (@fkarlitschek) March 11, 2019

Some of the companies that exposed corporate or customer data from their Box enterprise accounts:
• Apple
• Amadeus
• Discovery
• Edelman
• Herbalife
• Schneider Electric
• ...and Boxhttps://t.co/uJUtNqz2OT
— Zack Whittaker (@zackwhittaker) March 11, 2019

New: Security researchers say they've found enterprise cloud storage accounts leaking customer databases, patient insurance records, donated body part prices, backdoor passwords to city water works, and more. https://t.co/uJUtNqz2OT
— Zack Whittaker (@zackwhittaker) March 11, 2019

Pandora's Box: Another New Way to Leak All Your Sensitive Data https://t.co/MirBkFlGud
— /r/netsec (@_r_netsec) March 11, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured