It seems the popular cloud-based file storage and collaboration service Dropbox has suffered an embarrassing security breach. According to reports, hackers have hijacked user account information and are currently using it to flood Dropbox customers with spam from foreign gambling sites. There is also a buzz in many tech forums that malware might have been deposited into user file folders as well. Once again, this is hearsay and we have no evidence of this at this time, but it wouldn’t shock me in the least if it were true.
Dropbox representatives state that no unauthorized account access has been reported so far. Who knows how true this statement is. I also wonder how many users would even know what unauthorized access looks like to report it anyway.
It is also rumored that a recent outage of the service was related to the hacker attack. Dropbox officials have denied this, but where there is smoke, there is usually fire. It seems rather likely to me that the two are related.
How do I Protect Myself?
As with any security breach of a cloud-based service, the first thing you should do is change your account passwords. I would also suggest looking through your file folders and scanning for anything that looks unfamiliar. If you do happen to come across a file that seems strange, do not open it (I can’t stress this enough) and delete it immediately. If you store any sensitive data in Dropbox, such as bank account information or passwords, I would also remove those files from Dropbox and change any passwords associated with those accounts.
Is Dropbox Safe and Secure?
Dropbox makes no bones about what it is. It’s a consumer-based product that does not meet stringent corporate security standards, such as those required by FINRA, HIPAA, etc. That’s why it’s cheap. It’s great for sharing files with your aunt and storing music and photos, but not so good for storing and sharing sensitive business data.
My advice – if you are using Dropbox for non-sensitive information, I wouldn’t worry so much. It’s a decent product for home use. If you store anything at all that contains sensitive data, bank account information, or client information, you need something that meets higher security standards.
Is the Cloud Secure?
Yes and no. For me, this is a lesson in cloud-based services. Anything hosted in the cloud is always a bigger target for hackers to attack. Hackers go after the easy targets that offer the big payoffs. In this case, the Dropbox servers contained a lot of personal data with minimal security. It’s effort versus reward in its most basic form.
The old rule of “you get what you pay for” applies here. Cheaper cloud services generally don’t have high levels of security. Costs have to be cut to keep the product inexpensive. Don’t get me wrong, we love the cloud and all of the flexibility it gives business owners. However, serious security considerations must be made when moving sensitive business data to the cloud and choosing a cloud service provider.