Dropbox Drops the Ball on Security

The Internet Patrol - Patrolling the Internet for You

While Dropbox file-sharing service is intended to be a mostly consumer-based product, many companies use it as a means to share files between employees. The problem with using cloud-based services, such as Dropbox, for business purposes is that businesses don’t have proper controls over the data stored in the cloud. This was driven home this week when Dropbox announced that an employee’s password was stolen and the hackers made off with some sensitive information, including user email addresses which led to the spamming of Dropbox’s European user-base. Further investigation found that Dropbox accounts were accessed with usernames and passwords taken from other websites, meaning that the users were using the same log in information for several websites.

Their seems to be some discrepancy in these reports, with Dropbox saying that their systems were *not* hacked, and that the spam attack was based on a stolen employee password and the discovery of users using the same credentials for several sites, but some users who were on the receiving-end of the spam emails are maintaining that they used unique email addresses for their Dropbox accounts, so the Dropbox systems must have been hacked.

The allure of the convenience of Dropbox to many companies is not accidental, just last year Dropbox launched its paid service for businesses called Dropbox for Teams. Nevertheless, many are still wary of using it for reasons other than basic consumer needs due to its lack of proper security measures. Even with the security measures that they are now adding in light of the spam-causing privacy breach, including a page that will now show a log of user activity, two-factor authentication, and stale password change prompts, some say that these are measures that should have been in place to begin with, and this shows that Dropbox may not quite be up to snuff for professional use just yet.

If your company relies heavily on a cloud-based system for data storage and sharing, it is highly encouraged that your company uses software such as Cipher Cloud (www.ciphercloud.com), to encrypt data prior to it being stored in the cloud.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.