Israeli research Nir Goldshlager uncovered a major security hole with Facebook’s internally used “Secure File Transfer “ service hosted by Accellion. Written on his blog last week, Goldshlager shared his findings regarding a Password Recovery flaw in addition to some 20+ different bugs.

Using public knowledge of the Accellion platform, Goldshlager accessed a hidden account creation page for the Facebook deployment and created a new account linkedto his email. After analyzing source codes, file locations and Accellion’s password reset feature, he discovered hijacking an account was as easy as some simple cutting/pasting, a HTTP post request, and providing the users login email address.

While both parties reported the flaw has now been patched, it’s unclear if all Accellion customers using private cloud deployments are covered by the fix.

Marked by itself as an “alternative to consumer-focused file transfer and sharing services for security conscious organization facing regulatory scrutiny,” Accellion and its customers are likely now taking a much closer look at security measures.

We protect your files from login to storage, giving you the ease of mind that your sensitive data is safely secure and readily accessible. Give your business an enterprise-grade file sharing solution that will pay for itself by allowing advanced control over what’s being shared and with whom.

Learn more about our privacy policy and how we secure data at the application, network and facilities levels by clicking here.

Happy (& Safe) Sharing!

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on RedditBuffer this pagePrint this pageEmail this to someone

Leave a Reply

Your email address will not be published. Required fields are marked *