Last week, an article highlighted inadvertent data exposure by Box users at several large organizations. The issue is due to inappropriately set shared link permissions which may be the default set by their organization. They estimate that terabytes of sensitive information at hundreds of Box customers is exposed.
Pandora’s Box: Another New Way to Leak All Your Sensitive Data — Adversis
Our Box enterprise shared links default to “People in this folder/file,” restricting access to invited collaborators only and requiring users to choose to make the content available to the public by selecting the "Anyone with the link" option. Though we’ve received comments and complaints over the years about this “restrictive” setting, findings like this support our choice and ensure we minimize the chance of inadvertent data leakage.