Monday, April 28, 2025
HomeCloudBox Data Leak - Terabytes of Data Exposed from Companies Using cloud...

Box Data Leak – Terabytes of Data Exposed from Companies Using cloud based Box Accounts

Published on

SIEM as a Service

Follow Us on Google News

Box is a cloud management system as like AWS S3 buckets, to manage and access your data. You can place the files in the Box storage and it can be shared to anyone through links.

The data leak is not due to a bug or vulnerability, the problem is with the account administrators who created files/folders link to be accessible by public instead of giving access to only the People in their company.

Cyber-security firm Adversis, identified thousands of Box customer sub-domains through their standard intelligence gathering techniques, they discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers.

- Advertisement - Google News

Following are the sample Data found:

  1. Hundreds of Passport Photos
  2. Social Security and Bank Account Numbers
  3. High profile technology prototype and design files
  4. Employees lists
  5. Financial data, invoices, internal issue trackers
  6. Customer lists and archives of years of internal meetings
  7. IT data, VPN configurations, network diagrams

“we intended to reach out to all the companies affected but we quickly realized that was impossible at this scale. We alerted a number of companies that had highly sensitive data exposed, reached out directly to Box.”

The publically accessible data with BOX is more worse than the S3 public bucket issue, because the s3 has long names and difficult to guess, but with BOX account’s it is easy. The BOX url should be something like this

https://[.]app.box[.]com/v/<file/foldername

Box Accounts Administrators configure Shared Link default access to ‘People in your company’ to reduce accidental creation of public.

You can Check out https://github.com/adversis/PandorasBox. Pandora’s Box will take a list of companies, find the ones that have a valid box account and begin to scan for exposed files and folders. adversis researchers said.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Citrix Hacked – Terabytes of Sensitive data Stolen by Iranian Hackers

SBI Data Leak – Millions of Customers Data Leaked From Unsecured Server

NASA Data Leak – Internal App Leaked NASA Staff and Project Sensitive data

Hundreds of German politicians Private & Sensitive Data Leaked Online

Thousands of US Voters Personal Data Leaked Online Again

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email

The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat...

FBI Reports ₹1.38 Lakh Crore Loss in 2024, a 33% Surge from 2023

The FBI’s Internet Crime Complaint Center (IC3) has reported a record-breaking loss of $16.6...

Fog Ransomware Reveals Active Directory Exploitation Tools and Scripts

Cybersecurity researchers from The DFIR Report’s Threat Intel Group uncovered an open directory hosted...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

RansomHub Ransomware Deploys Malware to Breach Corporate Networks

The eSentire’s Threat Response Unit (TRU) in early March 2025, a sophisticated cyberattack leveraging...

Hackers Claim TikTok Breach, Leak Over 900,000 Usernames and Passwords

A hacker collective known as R00TK1T claims to have breached TikTok's user database, allegedly...

Blue Shield Exposed Health Data of 4.7 Million via Google Ads

Blue Shield of California has disclosed a significant data privacy incident affecting up to...