Security researchers at Adversis, a cybersecurity firm, have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can be easily discovered, reports TechCrunch.
The discoveries were made by Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists, the report adds. Data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link.
Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders, notes TechCrunch.
