Apple. Company data STOLEN by Hackers

Apple is one of over 90 companies that had internal data stolen by hackers because of problems with the widely used Box platform. The main problem appears to lie in the feature that allows public links to be shared for otherwise non-public files within Box, and the situation is very serious.

Researchers who analyzed the Box problem discovered hundreds of thousands of internal documents belonging to several dozen companies, with several TB of data publicly accessible. These include pictures of employees' passports, CNPs and IBANs, sketches for unlaunched product prototypes, employee lists, accounting data, customer lists, access data for internal networks, and much more.

In Apple's case the stolen data was not very important, but for other companies a lot of information was accessible that should not have reached the hackers. Computer security researchers discovered the problem sometime around September and notified Box of its existence, but apart from Apple and a few other companies, few have secured their accounts.

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can be easily discovered. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and list Box accounts with lists of company names and wildcard searches, Adversis found over 90 companies with publicly accessible folders.

Box ended up in this situation because it did not design a system that would make public file links very difficult to discover, even under dictionary-type attacks. The company has stated that it will modify its security systems so that its customers' data can no longer be easily accessed by hackers, but it remains to be seen what will happen in the future.
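
For an administrator checking their own account against the exposure described above, the example below triages an exported inventory of shared links and ranks the ones open to anyone. It is an added example, not code from Box or Adversis; the record fields (`access`, `vanity_name`, `is_password_enabled`, `unshared_at`) are assumed to match the Box API's `shared_link` object, treating custom link names as guessable is likewise an assumption, and the sample records are constructed.

```python
from datetime import datetime, timezone

# Constructed inventory records; the field names are an assumption and should
# be checked against the export from your own account.
SAMPLE_ITEMS = [
    {"id": "1002", "name": "press-kit.zip", "shared_link": {
        "access": "open", "vanity_name": None,
        "is_password_enabled": True,
        "unshared_at": "2030-01-01T00:00:00+00:00"}},
    {"id": "1001", "name": "passport-scans", "shared_link": {
        "access": "open", "vanity_name": "hr-docs",
        "is_password_enabled": False, "unshared_at": None}},
    {"id": "1003", "name": "payroll.xlsx", "shared_link": {
        "access": "company", "vanity_name": None,
        "is_password_enabled": False, "unshared_at": None}},
    {"id": "1004", "name": "drafts", "shared_link": None},
]


def audit_shared_links(items, now=None):
    """Return (item_id, severity, reasons) for each live link open to anyone."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for item in items:
        link = item.get("shared_link")
        if not link or link.get("access") != "open":
            continue  # not shared, or limited to company/collaborators
        expiry = link.get("unshared_at")
        if expiry and datetime.fromisoformat(expiry) <= now:
            continue  # link has already expired
        reasons = ["open to anyone with the link"]
        if link.get("vanity_name"):
            reasons.append("custom link name, guessable from a wordlist")
        if not link.get("is_password_enabled"):
            reasons.append("no password")
        if not expiry:
            reasons.append("never expires")
        severity = "high" if "no password" in reasons else "medium"
        findings.append((item["id"], severity, reasons))
    # High-severity findings first; original order is kept within a severity.
    return sorted(findings, key=lambda f: f[1] != "high")


if __name__ == "__main__":
    for item_id, severity, reasons in audit_shared_links(SAMPLE_ITEMS):
        print(f"{severity:6} item {item_id}: " + "; ".join(reasons))
```
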