Around 200 million users worldwide is an impressive number. However, over the years Dropbox's security has been plagued with issues.
Which begs the question: how secure is the service? Security is important to all users; however, it appears that Dropbox doesn’t have the same protocols in place for individual accounts as it does for enterprise-level clients.
According to their site, personal cloud consumers have SSL and AES-256 encryption, yet it says nothing of this customer group receiving the same strenuous audits that business accounts do. Instead, holes in the system have formed.
Dropbox Security Holes
In May, several private documents were leaked online thanks to a security issue with shared links. The problem was that those not given access to specific documents were still able to open them. Some of the leaked information was viewed by people who entered similar keywords into a search engine.
These files were brought up as part of the results.
To make matters worse, instead of just coming out and warning customers of the problem while they worked to correct it, Dropbox simply deactivated hyperlinks. This isn’t securing the site; it’s upsetting many clients by turning one of their most useful features into a useless waste of time. When confronted by the angry customer base, the company issued a statement about the breach.
They also began allowing blocked links to be active again.
It’s widely known that the cloud company scans data for copyrighted information and possibly dangerous files. As Dropbox reactivated the use of links, accounts started being used for phishing schemes. Once again, hyperlinks within all PDFs were locked out to prevent users from being victimized. It was a knee-jerk reaction to the problem. The documents used for phishing could have been the only ones disabled.
Because Dropbox owns all encryption keys, the company can become a target of sophisticated hackers who aim to steal information. With all the security issues the company has had exposed, it is merely a matter of time before this data is compromised.
In all fairness, Dropbox has made some radical changes in the last year or so. They have purchased startups left and right, including one that should help beef up their security. The cloud service is executing SSAE 16 SOC audits routinely for business customers.
Yet there is still a long way to go. Those who want complete anonymity of files are going to realize that the company can still look at their files in order to determine if they’re violating copyright law. Users are not allowed to make their own encryption keys.
The Result . . .
There are ways Dropbox security could be improved. A start is to offer end-to-end encryption on all of their user data, not just at the enterprise level. The company should perform security audits on personal-grade accounts as well in order to find other holes before they are exploited. Allowing clients to create and own their encryption keys is another step.
These are just some of the ways to build trust and give customers peace of mind.
Some things that users could do to protect information: don’t open links to any document that isn’t expected. If something is shared and it wasn’t anticipated, ignore it. Don’t store personal information such as tax returns, social security numbers, dates of birth, or bank account information on a cloud site or hard disk drive.
If electronic copies of sensitive data are preferred, keep them on a removable drive that can be locked away.
Is Dropbox insecure? The truth is, they are just as secure (or not) as competitors with comparable infrastructures. Google Drive, OneDrive, and even Box are similarly prone to being exploited.
Because Dropbox is one of the most popular cloud services, there is always going to be a more targeted effort to attack its infrastructure: it has more of the data that hackers seek. Do you think Dropbox has dropped the ball or secured it well?