Slashdot Mirror


Sensitive Data Stored On Box.com Accounts Accessible Via Search Queries (threatpost.com)

msm1267 writes: Last week Box.com moved quickly and quietly to block search engines from indexing links to confidential data owned by its users. That is after security researcher Markus Neis surfaced private data belonging to a number of Fortune 500 companies via Google, Bing and other search engines. Box.com said it's a classic case of users accidentally oversharing. Neis isn't convinced and says Box.com's so-called Collaboration links shouldn't have been indexed in the first place. Box.com has since blocked access to what security researchers say was a treasure trove of confidential data and fodder for phishing scams.


  1. This is why "the cloud" is stupid by Anonymous Coward · Score: 5, Insightful

    Don't let someone else have custody of your data.

    People are so stupid.

  2. Re:What is shared should be indexed by stephanruby · Score: 4, Insightful

    Box should just have used a robots.txt and disallowed /* everything by default. It's not that hard.

    It's a given that users, whether they know it or not, are going to leak private URLs to search engines. The Alexa toolbar, the Google toolbar, the Microsoft browser, etc., they all leak that kind of information. This is not a new problem. This is why the robots.txt file is there (not to inform hackers of the exact links they must not index, but to inform search engines that if they find themselves on a particular domain, or in a particular directory, that they should not index any file/folder below that level).
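
The default-deny robots.txt suggested in the comment above, checked against a narrower policy. This is an added example, not part of the thread or Box.com's configuration; the host, paths and crawler list are constructed, and the portable `Disallow: /` form is used for "everything". It only models crawlers that honor robots.txt.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt bodies (assumption: not taken from any real site).
# PARTIAL protects one directory; DEFAULT_DENY covers everything below "/".
PARTIAL = """\
User-agent: *
Disallow: /admin/
"""

DEFAULT_DENY = """\
User-agent: *
Disallow: /
"""

# Constructed URLs standing in for shared-file links on a hypothetical host.
SHARED_LINKS = [
    "https://files.example.com/s/3f9a1c",
    "https://files.example.com/shared/static/q4-report.pdf",
    "https://files.example.com/admin/users",
]
CRAWLERS = ["Googlebot", "bingbot", "SomeOtherBot"]


def crawlable(robots_txt, urls=SHARED_LINKS, agents=CRAWLERS):
    """Return sorted (agent, url) pairs a compliant crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return sorted(
        (agent, url)
        for agent in agents
        for url in urls
        if parser.can_fetch(agent, url)
    )


if __name__ == "__main__":
    for name, policy in (("partial", PARTIAL), ("default-deny", DEFAULT_DENY)):
        exposed = crawlable(policy)
        print(f"{name}: {len(exposed)} crawlable (agent, url) pairs")
        for agent, url in exposed:
            print(f"  {agent} -> {url}")
```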