Also, i'm not sure if anyone else picked up on this, but he was giving out his box.com account credentials to clients so they could upload straight to the folder.
I gave them the email addresses of several people with whom I had shared files over the years, thinking maybe the account had been mistakenly assigned to them.
Hrrmm? that's odd. Why would you even think because you sent someone a link to your cloud shared folder that the cloud company would magically given them the account...unless you didn't send them some link....
My lovely and talented wife, with whom I collaborate on stories for Family Circle (where we used Box.com a lot), had apparently invited an employee of this PR firm to upload an image to one of our shared folders last April
Ahh, now this language seems a bit too obtuse. "Invited an employee to upload an image". At first glance, you'd think you send this PR employee a link and they uploaded to your box.com folder. But you can't do that with box.com.... Only way to let someone upload to your folder is via an E-mail ( which won't work for large files ) or the 'upload widget' which you have to host on a website and it's up to you to lock it down ( he didn't use this either ). Failing that, YOU HAVE TO GIVE YOUR ACCOUNT USERNAME/PW TO THE PERSON TO UPLOAD TO YOU.
They probably pulled all the accounts used from an IP range known to be the PR firm, and assumed that's "PR Firms" employees. Since this employee had the username/pw, what else were they to assume.
Not a brilliant move on Box.com's part, but also, a stupid move on this writers part.
Most of these large cloud storage apps make it difficult for someone else to 'contribute' (upload) files. Otherwise they get abused for warez or porn.
Long story short, this guy violated their terms of agreement and gave away his username and password and was amazed when his files disappeared.
If he wasn't a tech writer, they would have written him off and rightly so. If anything, this is "Treat me different, I'm the press" mentality.