advertisement
Dozens of companies have come under the spotlight for the wrong reasons as they were found to be inadvertently leaking sensitive corporate and consumer data according to discoveries made by Adversis, a cybersecurity firm, Techcrunch reported.
Companies like Apple, Amadeus, television network Discovery, PR firm Edelman, Herbalife, Schneider Electric are among 90 other countries that have been found to be leaking data via Box, which is a cloud content management firm based in California.
The company’s staff have been found sharing public links to files in their Box enterprise storage accounts, which can easily be discovered.
The cybersecurity firm said it found bank account and Social Security numbers, passwords, passport photos employee lists, invoices and receipts and customer data among others.
The data stored in Box is said to be private by default, but users can still share files and folders with anyone. This leads to the data being publicly available for access via a single link. According to Adversis, these secret links can be discovered by others.
On the breach, Box said, while much of the data is legitimately available to the public, the company advises users on how to make the data more secure and minimize the risk of leaks. Many of the users in this particular leak might not have been aware that the data they share in Box can be found by others.
To make things worse, some of the folders were scraped and indexed by search engines.
Adversis provided Techcrunch with a list of companies, which were leaking the data and also highlighted what data was being leaked. Here are some of the companies mentioned in the list:
Apple has multiple folders exposed that appear to be having non-sensitive internet data which also included logs and region wise price lists.
Television network Discovery has a database of millions of customers names and email addresses. The folders also had some demographic information including casting contracts and some tax documents.
Public relations firm Edelman had detailed project plans and resumes of proposed candidates for the project with their names, email IDs and phone numbers.
Herbalife, a nutrition giant, left several folders exposed which contained files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.
Box, in a statement, said that it takes user's data security "seriously" and provides adequate controls to choose the right level of security based on how sensitive the data to be shared is.
The cloud data management platform also said that it is taking steps to make the security setting clearer to users for them to better understand how to keep their data safe. The company also plans to reduce the unintended discovery of files and folders.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)