dropdox

People using shared storage provider Dropbox are leaking data, a competitor has discovered. Dropbox competitor Intralinks stumbled across mortgage applications and bank statements while checking Google Analytics data for a Google Adwords campaign. Links to shared files leak out when those links are accidentally put into the Google search box, or if users click links from within documents.

Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows user, especially in a business environment, to share and edit documents.

Dropbox has taken steps to address the issue including patching the vulnerability protecting shared links going forward, and disabling access to previously shared links. Dropbox was not aware of any users losing data. Users could be exploited by sharing a link to a document that contains a hyperlink to a third-party websites.

Intralinks said that the privacy problem could apply to other consumer-based file sync and share applications. When using file sharing apps, many people fail to use basic security features and take few precautions with even highly sensitive financial data.