Dropbox Isn’t As Secure As You Think

Shocking, right? Where does such a bold claim come from? Dropbox services over 100,000 businesses and 300,000,000 users. The company reports users upload over 1 billion files every 24 hours, and 97% of Fortune 500 companies utilize some form of the service. What do the millions of users need to know about Dropbox? Dropbox is not as secure as you think.

Let’s Talk About the Issues

Claims about security lapses are nothing new to Dropbox. They range from a “potential” security lapse in 2011, when users could access other accounts without passwords, which was followed by a handful of ambiguous statements made by the company, to the 2012 intrusion that resulted in Dropbox users being spammed. Not to mention the appointment of Condoleezza Rice in 2014, the very person who worked under an administration that supported and encouraged NSA data-collection strategies.

In 2014, Dropbox faced yet another black eye. In October 2014, rumors circulated on the Internet warning of a data breach within Dropbox. Although the research proving a data breach simply did not exist, as the original announcement was posted on Pastebin, the damage was done. An anonymous entry on Pastebin suggested that the hacker had access to login information and credentials for over 7 million Dropbox users. The claims consumed the Internet like a firestorm, which prompted Dropbox to release a statement about the “hack.” The company outright dismissed the claims, saying the claims “weren’t true.” Dropbox reassured the media, the clients, and the naysayers that the email accounts listed for sale were not associated with active Dropbox accounts.

What is the Takeaway?

So if Dropbox backs up each issue with confidence and claims that the service is in fact safe, what is the takeaway from all of this? What can Dropbox tell you about your own privacy, your cloud-based accounts and your vulnerability? The answer: You never know. What Dropbox should teach users is that cloud-based services must provide maximum protection as well as transparency. How can you keep yourself and your data safe?

  • Do your research about the remote service you and/or your company plan(s) to use. Know the ins and outs, the security provisions and parameters, and the news headlines about the cloud-based service.
  • Do not use the same password for all your accounts, and whatever password you do use should not be one that can be guessed easily.
  • Enable a two-step verification process that requires you to input both a password and verification code. When the password is entered online, a verification code is sent to your mobile device and must be entered as well to access the cloud-based account.
  • Remove authorized devices used to access your account when you log out.
  • Enable mobile or email notifications.
  • If you are running a business, do not rely on personal cloud-based services to protect your data and IT system.