Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.