Free file sync and share (FSS) services such as Dropbox typically come with security and privacy settings set to "public" by default. When a user shares a share link to corporate data, anyone who comes across that link can get to the potentially sensitive information. Some free FSS apps don't offer privacy settings. Even if a user wanted to, they could not change the public settings to private in order to protect the data.
[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Here is one way those share links have escaped into the open. When an intended party receives a share link by email, their email client and / or security settings may prevent them from clicking on it as a live link. So, they copy the link and attempt to paste it into the URL field in their browser. Many users mistakenly paste the share link into the search field, which typically uses Google, the search engine people use most, to present search results for that link.