Please create an account to participate in the Slashdot moderation system


Forgot your password?
Cloud Data Storage Links Security

Dropbox and Box Leaked Shared Private Files Through Google 92

judgecorp writes: "People using shared storage providers such as Box and Dropbox are leaking data, a competitor has discovered. Links to shared files leak out when those links are accidentally put into the Google search box, or if users click links from within the documents. Dropbox competitor Intralinks stumbled across mortgage applications and bank statements while checking Google Analytics data for a Google Adwords campaign. Graham Cluley explains the problem in detail and suggests answers: for Dropbox users, it means upgrading to the Business version, which lets you restrict access to shared document links." Dropbox has posted an official response and disabled access to previously shared links. Box made a vague statement about their awareness of the issue.
This discussion has been archived. No new comments can be posted.

Dropbox and Box Leaked Shared Private Files Through Google

Comments Filter:
  • To the cloud (Score:3, Insightful)

    by Anonymous Coward on Tuesday May 06, 2014 @10:20PM (#46936069)

    ...and this is why we should all be wary of cloud providers.

  • by hawguy ( 1600213 ) on Tuesday May 06, 2014 @10:39PM (#46936159)

    >The trick is simple -- if the files are small, but too big to E-mail, PGP/gpg encrypt them, then send the links via a secure message. If the files are bigger (~50-100 megs or larger), then the file goes into a TrueCrypt volume that uses a keyfile, and the keyfile is GPG encrypted and E-mailed.

    You have a much different definition of "simple" than most people. Few people (who are not techies) find transferring a file via GPG or TrueCrypt to be "simple". Even getting them to download the file from a cloud provider can be a chore "I clicked on the link but nothing happened! What do you mean I need to look in my Downloads folder?"

  • Re:To the URLbar! (Score:5, Insightful)

    by immaterial ( 1520413 ) on Tuesday May 06, 2014 @10:53PM (#46936219)
    I've always hated the move toward "omnibar" seach field/URL field combos for this very reason. Add in dynamic search suggesting and every damn thing many (if not most) of the people on the planet put in that field gets sent to Google. Anything Google does with the URL bar is solely for their own advantage. No thanks.
  • by ko7 ( 1990064 ) on Wednesday May 07, 2014 @02:06AM (#46936877)

    When dealing with 'users' of the caliber that you describe, it really isn't possible to securely exchange data. Unfortunately, most 'users' can't be trusted not to have the file scraped off of their own box once they've received it. Without a minimal amount of computer knowledge and skills (which appears to be beyond the capabilities of most users), it just isn't possible to guarantee any security at all.

This screen intentionally left blank.