Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Data on Box.com Exposed

March 14, 2019

Another problem for a cloud storage provider. Dozens of companies leaked sensitive data because of misconfigured Box accounts. It was fortuitous that Sharon and I gave a presentation on cloud computing this week so we had current information for the audience. According to an ITPro Today report, Box.com exposed information such as passport photos, Social Security and bank account numbers, technology prototype and design files, employee lists, financial data, customer lists, IT data and network diagrams. Apparently, 90 companies were impacted.

The problem with the data exposure should be shared by the users and Box itself. Box made a change to the formatting of the URLs for shared links. Its intent was to make the links more convenient and descriptive. Because the instructions were not clear, users set the file permissions to “public” when they should have been set to “private” or “people in your company.” Cloud security has become more complicated, especially when you give control to the end user. Box has since clarified its instructions, but you’re still bound to have mistakes when you put a human in the equation.

Email:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com