\n<\/a><\/p>\n“We’re working to restore links that aren’t susceptible to this vulnerability over the next few days.”<\/p>\n
Box has not responded to the BBC’s request for a comment.<\/p>\n
Security researcher Graham Cluley said identity thieves could use the method to “scoop up” data.<\/p>\n
“I think these services need to be more upfront with warnings,” he told the BBC.<\/p>\n
However he added that the problem was not a security flaw as such, but instead an unexpected consequence of user behaviour.<\/p>\n
Referral data<\/b><\/p>\n
Mr Cluley has outlined suggestions\u00a0on his blog for how users can restrict access to the public files.<\/p>\n
Both websites offer ways to tighten security on shared links, but doing so limits flexibility.<\/p>\n
“This is the eternal battle sites like this face,” Mr Cluley added. “It’s security versus functionality.”<\/p>\n
Box is another highly successful file storage service<\/p>\n
Dropbox, Box and most other cloud hosting services often give users the option of creating a shareable web link for their files.<\/p>\n
It means users are able to simply send a web address – made up of a string of letters and numbers – for someone to directly download a file without needing to log in.<\/p>\n
Because of the complexity of the link, it is very difficult to guess – meaning that while the link is technically public, it is unlikely anyone would be able to access it by chance.<\/p>\n
However, Intralinks discovered that the links were being exposed in two ways not previously considered.<\/p>\n
Firstly, it discovered that shared links were often appearing in websites’ referral data.<\/p>\n
Many websites look at referral data when analysing their traffic to get an insight into how visitors got to their site.<\/p>\n
Intralinks found that if a link to a website is included in a file shared on Dropbox, and subsequently clicked within the web viewer, the website owner would see the shared link in its referral data – and therefore be able to access the file.<\/p>\n
Dropbox said its patch has now fixed the problem.<\/p>\n
Google ads<\/b><\/p>\n
Furthermore, the company had been running a Google advertising campaign, and had paid to have an advert for Intralinks appear in Google’s search results whenever someone searched for “Dropbox” or “Box”.<\/p>\n
Companies that use Google’s search advertising service are sent an anonymised breakdown of what users had searched for in order to find their advertising.<\/p>\n
Intralinks found that many people would put the entire shared link into a Google search box, and therefore Intralinks would subsequently see those links in the breakdown data from Google.<\/p>\n
While copying and pasting a download link into Google’s search engine might appear to be odd behaviour, Intralinks said “a few hundred documents” were exposed to them in this way.<\/p>\n
Dropbox’s patch has not addressed this particular problem, Mr Cluley said.<\/p>\n
Intralink’s chief technology officer for Europe, Middle East and Africa Richard Anstey said: “Most internet users have, at one time or another, accidentally pasted a link into the search bar of their favourite search engine whilst intending to paste it into the internet address bar – it’s an easy mistake to make.<\/p>\n
“However, what they don’t realise is that when they press enter to execute the search, the advertisement engines that drive (and fund) the search engine will distribute that link as a search term to anyone who has paid for an ‘adword’ that closely matches any part of that link.”<\/p>\n
<\/p>\n
Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"
People using file storage services, such as Dropbox and Box, are being warned that they are at risk of inadvertently leaking their own files. Intralinks – which is a competitor – said it found sensitive files, such as mortgage records. The problem centred on the use of the services’ sharing function that generated a public […]<\/p>\n","protected":false},"author":14,"featured_media":16764,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[18],"yoast_head":"\n
Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always\" \/>\n<meta property=\"og:description\" content=\"People using file storage services, such as Dropbox and Box, are being warned that they are at risk of inadvertently leaking their own files. Intralinks – which is a competitor – said it found sensitive files, such as mortgage records. The problem centred on the use of the services’ sharing function that generated a public […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/\" \/>\n<meta property=\"og:site_name\" content=\"Citi 97.3 FM - Relevant Radio. Always\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/citi97.3\" \/>\n<meta property=\"article:published_time\" content=\"2014-05-06T10:33:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/citifmonline.com\/wp-content\/uploads\/2014\/05\/drop.png\" \/>\n\t<meta property=\"og:image:width\" content=\"464\" \/>\n\t<meta property=\"og:image:height\" content=\"261\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kojo Akoto Boateng\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@citi973\" \/>\n<meta name=\"twitter:site\" content=\"@citi973\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kojo Akoto Boateng\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/\",\"url\":\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/\",\"name\":\"Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always\",\"isPartOf\":{\"@id\":\"https:\/\/citifmonline.com\/#website\"},\"datePublished\":\"2014-05-06T10:33:24+00:00\",\"dateModified\":\"2014-05-06T10:33:24+00:00\",\"author\":{\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1\"},\"breadcrumb\":{\"@id\":\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/citifmonline.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Warning over unintentional file leak from storage sites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/citifmonline.com\/#website\",\"url\":\"https:\/\/citifmonline.com\/\",\"name\":\"Citi 97.3 FM - Relevant Radio. Always\",\"description\":\"Ghana News | Ghana Politics | Ghana Soccer | Ghana Showbiz\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/citifmonline.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1\",\"name\":\"Kojo Akoto Boateng\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g\",\"caption\":\"Kojo Akoto Boateng\"},\"url\":\"https:\/\/citifmonline.com\/author\/kojo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/","og_locale":"en_US","og_type":"article","og_title":"Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always","og_description":"People using file storage services, such as Dropbox and Box, are being warned that they are at risk of inadvertently leaking their own files. Intralinks – which is a competitor – said it found sensitive files, such as mortgage records. The problem centred on the use of the services’ sharing function that generated a public […]","og_url":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/","og_site_name":"Citi 97.3 FM - Relevant Radio. Always","article_publisher":"https:\/\/www.facebook.com\/citi97.3","article_published_time":"2014-05-06T10:33:24+00:00","og_image":[{"width":464,"height":261,"url":"https:\/\/citifmonline.com\/wp-content\/uploads\/2014\/05\/drop.png","type":"image\/png"}],"author":"Kojo Akoto Boateng","twitter_card":"summary_large_image","twitter_creator":"@citi973","twitter_site":"@citi973","twitter_misc":{"Written by":"Kojo Akoto Boateng","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/","url":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/","name":"Warning over unintentional file leak from storage sites - Citi 97.3 FM - Relevant Radio. Always","isPartOf":{"@id":"https:\/\/citifmonline.com\/#website"},"datePublished":"2014-05-06T10:33:24+00:00","dateModified":"2014-05-06T10:33:24+00:00","author":{"@id":"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1"},"breadcrumb":{"@id":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/citifmonline.com\/2014\/05\/warning-over-unintentional-file-leak-from-storage-sites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/citifmonline.com\/"},{"@type":"ListItem","position":2,"name":"Warning over unintentional file leak from storage sites"}]},{"@type":"WebSite","@id":"https:\/\/citifmonline.com\/#website","url":"https:\/\/citifmonline.com\/","name":"Citi 97.3 FM - Relevant Radio. Always","description":"Ghana News | Ghana Politics | Ghana Soccer | Ghana Showbiz","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/citifmonline.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1","name":"Kojo Akoto Boateng","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/citifmonline.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g","caption":"Kojo Akoto Boateng"},"url":"https:\/\/citifmonline.com\/author\/kojo\/"}]}},"_links":{"self":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts\/16763"}],"collection":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/comments?post=16763"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts\/16763\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/media\/16764"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/media?parent=16763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/categories?post=16763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/tags?post=16763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}