Cyber News

Thu, 5 Jan 2017 Personal Information

Confidential Box.com Files Found on Search Engines

All
data leak

The confidential files of online file sharing and content management provider Box.com were found via Google, Bing, and other search engines after a flaw was identified. The flaw lies in the invite URL generated for participants to access or collaborate with a cloud storage account. The invite URL directs participants to a landing page that is typically indexed by search engines. As a result, attackers are able to access sensitive data stored on collaborative accounts using a simple search engine query. They are also able to upload malware to a collaborative project, and attach malicious attachments in emails sent to participating employees.

 

References:
Box.com Plugs Account Data Leakage Flaw


Certis CISCO Terms of Use Privacy Policy © 2016 Quann
Back to top