Box Cloud Service Failure Exposes Apple Internal Files

By subscribing to a a cloud, you are placing your trust in that provider to provide reliable service without failures or data exposure. The same goes for the technology companies themselves: They also use the infrastructure of certain cloud services to share files and make their operations easier, and from time to time they are subject to the same flaws as us.

This is what happened recently with Apple and several other companies that use the Box. As reported by TechCrunchMa along with companies such as Discovery Networks, Amadeus, Edelman, Herbalife, Opportunity Internatonal, and more than 90 others have had internal file folders exposed because of a cloud service failure.

The problem was discovered by cybersecurity company Adversis and does not involve any kind of raid attack or attack by crackers; the whole problem is simply generating Box share links. Adversis found that with a simple script, anyone could discover these links and gain access to files shared by platform users; In addition, it would be sufficient to run a simple brute force algorithm to find other folders and files of the same user, since the difference in the minimum URLs.

The Apple files that were exposed do not appear to be confidential: for the most part, they are reseller records and regional product price lists. Other companies had more sensitive, unprotected data, such as names, emails, and customer numbers, as well as confidential projects and spreadsheets. Even Box's own folders and files were exposed.

In a statement, Box stated that the problem does not exist if the files are shared with restrictions ie only authorized access to other users linked to that corporate account, for example. The company added that it will make changes to its system to make different sharing options clearer, helping customers better understand how their files and folders can be distributed.