Box is a cloud management system as like AWS S3 buckets, to manage and access your data. You can place the files in the Box storage and it can be shared to anyone through links.
The data leak is not due to a bug or vulnerability, the problem is with the account administrators who created files/folders link to be accessible by public instead of giving access to only the People in their company.
Cyber-security firm Adversis, identified thousands of Box customer sub-domains through their standard intelligence gathering techniques, they discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers.
Following are the sample Data found:
“we intended to reach out to all the companies affected but we quickly realized that was impossible at this scale. We alerted a number of companies that had highly sensitive data exposed, reached out directly to Box.”
The publically accessible data with BOX is more worse than the S3 public bucket issue, because the s3 has long names and difficult to guess, but with BOX account’s it is easy. The BOX url should be something like this
https://[.]app.box[.]com/v/<file/foldername
Box Accounts Administrators configure Shared Link default access to ‘People in your company’ to reduce accidental creation of public.
You can Check out https://github.com/adversis/PandorasBox. Pandora’s Box will take a list of companies, find the ones that have a valid box account and begin to scan for exposed files and folders. adversis researchers said.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
Also Read:
Citrix Hacked – Terabytes of Sensitive data Stolen by Iranian Hackers
SBI Data Leak – Millions of Customers Data Leaked From Unsecured Server
NASA Data Leak – Internal App Leaked NASA Staff and Project Sensitive data
Hundreds of German politicians Private & Sensitive Data Leaked Online
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress,…
A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign embedded…
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a…
Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious code,…
Chinese intelligence operative posing as a Stanford University student has been uncovered following an investigation…
Security update KB5058379 for Windows 10, released in May 2025, is causing significant technical issues…
![](data:image/svg+xml;charset=utf-8,<svg height="400px" width="1000px" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
.webp?w=1600&resize=1600,900&ssl=1)
