Dropbox screwed up and left everyone's account unlocked for a period of about 4 hours after a software upgrade.

It appears that Dropbox dropped the ball in a big way and left everyone’s account unlocked for a period of about 4 hours after a software upgrade.

You can read more details here:

CNN – Dropbox leaves user accounts unlocked for 4 hours

Security Beacon is generally a fan of Dropbox because it makes it easy to share files between multiple computers or with family, friends and coworkers. In a previous post I suggested that Dropbox can be used to improve security, since files shared in Dropbox are much more secure than files sent as open (i.e. unencrypted) e-mail attachments. Despite this most recent fumble by Dropbox, Security Beacon still believes that the Dropbox approach is superior to open e-mail attachments. On the other hand, the breach definitely tells us that we shouldn’t trust Dropbox or anyone else to protect really important data in the cloud. If you want to use Dropbox for sensitive files, Security Beacon highly recommends encrypting the files with a strong password or certificate prior to putting them in your Dropbox folder. By using this strategy, you retain the flexibility of Dropbox without completely trusting Dropbox with your sensitive information.
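As an added illustration of the "encrypt it before it goes in the Dropbox folder" advice above (this is example code, not from the Security Beacon post), the POSIX shell script below encrypts a file with a passphrase-derived key using the openssl command-line tool, then decrypts it and checks the round trip. It assumes openssl is installed, reads the passphrase from the DROPBOX_PASS environment variable (a constructed placeholder is used if it is unset), and writes a constructed sample file into a temporary directory rather than touching a real Dropbox folder.

```shell
#!/bin/sh
# Added example, not from the original post: client-side encryption of a
# file before it is placed in a cloud-synced folder. Assumes the openssl
# CLI is available. Only the .enc output should ever be copied to Dropbox.
set -eu

# Passphrase comes from the environment so it never appears in argv
# (shell history, `ps`). The default is a constructed placeholder; set a
# real, strong passphrase before using this for anything sensitive.
: "${DROPBOX_PASS:=constructed-example-passphrase}"
export DROPBOX_PASS

# AES-256-CBC with a random salt and a PBKDF2-derived key (200k iterations),
# so a copy of the ciphertext alone does not make passphrase guessing cheap.
encrypt_for_dropbox() {
    in="$1"; out="$2"
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -in "$in" -out "$out" -pass env:DROPBOX_PASS
}

# Reverse of the above; the same iteration count must be supplied.
decrypt_from_dropbox() {
    in="$1"; out="$2"
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$in" -out "$out" -pass env:DROPBOX_PASS
}

# Returns 0 when decrypt(encrypt(file)) reproduces the original bytes and
# the ciphertext differs from the plaintext; returns 1 otherwise.
roundtrip_ok() {
    tmp=$(mktemp -d)
    # Constructed sample plaintext; stands in for the real sensitive file.
    printf 'constructed sample: quarterly numbers, not for e-mail\n' > "$tmp/report.txt"
    encrypt_for_dropbox "$tmp/report.txt" "$tmp/report.txt.enc"
    decrypt_from_dropbox "$tmp/report.txt.enc" "$tmp/report.out"
    result=1
    if cmp -s "$tmp/report.txt" "$tmp/report.out" \
       && ! cmp -s "$tmp/report.txt" "$tmp/report.txt.enc"; then
        result=0
    fi
    rm -rf "$tmp"
    return $result
}
```

Two caveats worth knowing before relying on this: `openssl enc` gives confidentiality only, so a ciphertext that has been tampered with in transit or at rest will usually fail to decrypt but is not cryptographically authenticated, and the salt and iteration count only slow down guessing, so the passphrase itself still has to be strong. The plaintext should be decrypted to a local, non-synced location, never back into the Dropbox folder.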

This also should remind you that all cloud-hosted applications are vulnerable to hacks, persistent attacks, and plain old mistakes by vendors. If you put data on the web, assume someone can get access to it. Plan accordingly.

