Dropbox is the most popular cloud file sharing platform in the world. More than 500 million users use Dropbox each month and share more than 1 billion files daily. This is a staggering amount of data sharing on the platform but, is Dropbox providing ample security to its customers?

A troubled history

Dropbox security was compromised by its own mistakes back in 2011 when it pushed a not enough reviewed and tested update to its platform. The update had a major bug which allowed user accounts to be accessed with any password. The flaw was online for more than 4 hours and compromised approximately 1 million accounts back then. While hackers have to work tirelessly to break through the defenses of online security to get inside a system, Dropbox opened the door for them for nearly 5 hours.

This caused havoc in the online community because not only 200 million users were at risk, 8 million business customers with highly sensitive data were also compromised. 97% of the Fortune 500 companies use Dropbox daily and this flaw in the system questions the security of all cloud storage services. This bug arrived at a crucial time when both Apple and Google were asking their customers to store their personal data on their cloud storage services. The compromise in Dropbox’s security was a timely reminder that why we shouldn’t rely on these companies to protect our data.

Lack of security, lack of communication

The major concern with these security breaches is the lack of communication with the users. Most companies in the modern era rely on their brand value and if news like these get out in the open their share prices crumble drastically. Sony waited for days to inform their customers about the hack and Dropbox itself did not communicate the problem properly to its customers. Instead it regarded the bug as a brief glitch, when opening up doors to user accounts is not at all a brief glitch instead it is a major lack of security.

Four years later, Dropbox revealed that they underestimated the impact of that bug and instead of 1 million accounts, more than 68 million accounts were compromised. An even embarrassing situation because it took the company four years to calculate, or at least to publish, the impact of just four hours of lack of security. This has caused outraged amongst the users especially businesses because they use Dropbox to share extremely important information each day.

This is just one security flaw we are talking about, imagine what ten breaches can do to Dropbox. Christopher Soghoian[1] also revealed that Dropbox lied to its customers about employees not having access to their files. In reality, some employees do see what users upload on their Dropbox account. This is considered a privacy breach and users could even take Dropbox to court over this.

Other companies such as Apple, Google and Microsoft have taken precautions to prevent security lapses like the ones with Dropbox but nothing is guaranteed. Lack of proper encryption to protect the user’s privacy on these services is a major concern for businesses.

Do it yourself

The best way to transfer your data is using end-to-end encryption where only the sender and the receiver can access the information, and not the service provider. Nevertheless Dropbox does not provide end-to-end encryption to your files which means that they can see your information. Secondly, Dropbox keeps your file data for as little as 30 days or as long as 1 year depending on your subscription. It means that even when you delete your files from Dropbox there will always be the concern that a hack in one of the platform’s servers will result in your data being stolen. It is always better to take matters into your hands and encrypt your data before uploading to Dropbox and alike services. SMiD Cloud does exactly that, it encrypts your data with 256-bit AES encryption before uploading them on any cloud storage service, and all cryptographic keys are generated, used and maintained within it.

[1] https://www.wired.com/2011/05/dropbox-ftc/

Share This