Attackers Can Access Dropbox, Google Drive, OneDrive Accounts Without the User’s Password

MspPortalPartner News

I hope you folks are using these services for sensitive company information..Its the old adage you get what you pay for.

By Catalin Cimpanu    5 Aug 2015, 13:05 GMT

Cloud storage accounts vulnerable to MITC attacks

A report by Imperva shows how an attacker could easily get their grubby hands on cloud storage and synchronization accounts, without even needing the user’s password, and use them in their illicit activities.

The research paper details a new technique called MITC (Man in the Cloud), which allows attackers to intrude popular cloud storage services like Box, Dropbox, Google Drive, and OneDrive.

MITC attacks don’t rely on vulnerabilities in the syncing applications themselves, nor on security holes in the cloud storage server, but act on a design flaw.

Because of the way these services were built, not requiring a password every time a file is synced, a token is used instead to authorize…

View original post 224 more words

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s