There are countless benefits to using cloud storage, and as we show in our Dropbox review, it isn’t a market leader for nothing. However, if you’re not careful, you risk anyone being able to access everything that you’ve stored. In this article, we will be looking through Dropbox’s history and policies to determine how well it can secure your data.
Simply put, if security is your main concern, you should look at our list of the best Dropbox alternatives. This is because Dropbox retains the right to access your information, and it can do this because the encryption isn’t zero-knowledge. There also isn’t a clean history that can prove it’s a secure cloud storage service.
Dropbox does still use some good security tools, with the AES 256-bit encryption for data at rest and AES 128-bit encryption for data in transit (read our guide on what AES is). Documents like the Dropbox security whitepaper outline how Dropbox Business protects its users’ devices, but there isn’t an equivalent for the security of personal files.
Previous Dropbox Security Issues and Breaches
Dropbox has been around for almost 13 years and has more than 600 million users. During this time, there hasn’t been a shortage of problems. Hackers caused some of these, but they all show the issue is with how this cloud service deals with user data.
The first mistake was in 2011, when an error in an update allowed anyone to access any Dropbox account with only the email address. There was a fix within four hours, but the update shouldn’t have gone live without proper testing.
The next major problem was a severe data breach in 2012. This leak ended up revealing the emails and passwords of 68 million users, and until 2016 Dropbox believed that only the email addresses were compromised. In response to this Dropbox security breach, the service made a public blog post and added some security upgrades.
At this time, anyone with potentially compromised details received a prompt asking them to change their password. However, we don’t know how many accounts the hackers accessed before the implementation of extra security measures. Options such as two-step verification became available, and the security tab also gained the ability to log out other devices.
The 2012 leak was due to an employee’s compromised Dropbox account, and in 2014 there was criticism around employees having access to encryption keys. However, there was no policy change here, and your files can still be decrypted and viewed at any time.
After the Dropbox security breach, there were no known major problems until 2017, when users saw deleted files reappear on their accounts. Supposedly this was caused by an error that didn’t remove some files, and when fixing it, a mistake led to these files being sent back to users. This means that some data from six years ago was never deleted and was vulnerable to a leak.
Why Does Dropbox Keep Having Security Problems?
In order for Dropbox to interact with other apps, data needs to move freely between the two companies. If the files needed to first be decrypted by your device, the whole process would slow down. To get around this, Dropbox holds on to your encryption key so they can look at your files whenever they want.
However, other services use zero-knowledge encryption, where your password is a secret and no one else can access your files. This slows down most processes, but it also makes it harder for governments and hackers to snoop through your stuff because even the host company doesn’t know what you’ve stored there.
Dropbox’s headquarters are in the U.S., which is another potential security problem. Some U.S. laws, such as the Patriot Act, give agencies the ability to demand access to your data. If Dropbox couldn’t see what you’ve stored, this wouldn’t be a problem. However, as it stands, your files would be at less risk with a company based somewhere with stronger cloud privacy laws.
Simple Ways to Secure Your Data
If you want to protect your files, you could always move to another provider. Our article comparing Dropbox vs Google Drive vs OneDrive compares the big three, but you would need to look somewhere else for a true zero-knowledge cloud service.
To secure Dropbox and get the privacy this service doesn’t already offer, you should look at third-party encryption software. These protect your files before you use cloud storage, and the keys are held on your devices so you know everything is safe.
One of our favorite pieces of encryption software is Boxcryptor. It keeps no information about its users and can protect any files from almost any attack. Although no software is perfect and nothing is ever risk-free, programs like Boxcryptor are a step in the right direction.
Another option for keeping your data hidden is NordLocker from Tefincom, the company that develops NordVPN. Although it’s a newer service, NordLocker sounded impressive enough to give it a shot, and it didn’t let us down. Its protection is among the best, even if it’s a tad light on features. You can find out more information about this encryption software in our NordLocker review.
Is Dropbox Secure?
With basic protections, such as two-step verification, your information isn’t open to every prying eye. As long as you make sure your Dropbox account is using these systems and you use a randomly generated, secure password, most people shouldn’t have any serious problems with Dropbox.
However, if you don’t like the security risk that Dropbox creates and don’t want to use alternative services like iCloud Drive or Sync.com, there are ways to add an extra layer of protection. By separately encrypting your data and using unique passwords, you can help keep your data safe, although these practices are good ideas regardless of the security a service provides.
What do you think of Dropbox’s security? Let us know your thoughts in the comments below. Thanks for reading.
Dropbox’s Security FAQ
- Everything that’s connected to the internet has the risk of being hacked. Although it does use industry-standard protections to make it harder for a hacker to gain access, anyone could get your encryption key because Dropbox stores it alongside your data. If you have files you don’t want to risk, we don’t recommend using Dropbox alone.
- Some email services will encrypt your messages, but most providers still have flaws in how they store and access the data. Email doesn’t prioritize privacy, so Dropbox will be a better place to send files to other people. However, you will lose the simplicity of email without getting the security that other services offer.