Data security is one of the foremost concerns of our current digital age. With so much of our lives being hosted online, databases are a treasure trove of personally identifiable information for hackers. We like to believe that companies take the best measures possible to protect that information, and perhaps that’s true, but there are far too many stories of data security breaches to think that it’ll never happen to you. Personally, I can’t count the number of times I’ve worried someone might gain access to sensitive information like financial statements, tax returns, “Lord of the Rings” fan fic...er, business documentation. And now one of the most popular cloud storage solutions may find itself under fire for security concerns.
Dropbox has had what could fairly be described as a “rough week.” NSA whistleblower Edward Snowden took time out from hiding out in Russia to drop in to the New York Festival via video for an interview. In the interview, Snowden labeled Dropbox and other services as “hostile to privacy” and urged viewers to get rid of the service due to its lack of local encryption; currently, Dropbox only encrypts data on its servers and in transit. Given Snowden’s notoriety and the means by which he came into it, such words likely carry more weight than those of the average observer.
To add injury to insult, as it were, reports spread through multiple sources that millions of Dropbox accounts had been hacked. According to TechCrunch, a Pastebin user claimed they had compromised the email and password credentials for seven million Dropbox accounts, and posted a list of four hundred such credentials with a request for Bitcoins to release more. Dropbox took to its blog to debunk such claims, stating:
“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”
To further allay fears, they later posted this update:
“A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.”
While Dropbox may have avoided disaster in this instance, that doesn’t mean there aren’t legitimate security concerns surrounding its service. We need to take responsible measures to manage and store our data securely. The lesson for all of us is to make sure that the online storage solution we use has the proper security protocols, and to do our part to keep our passwords strong and secret.
Use Traklight's IP Vault for the secure solution to your cloud storage dilemma. With time-stamped documentation, permissions setup on files and file sharing, and more, never send confidential files over unsecured email again.