Dropbox is one of the most popular free cloud storage services available today. It also offers file syncing. This means that once you create a folder on your computer, you can view that folder on any computer, simply by accessing Dropbox. There is no doubt that cloud storage is here to stay; Apple’s iCloud, Google Drive and Microsoft’s Skydrive are the other popular cloud storage services.
While this system offers amazing storage space and this fantastic feature of anywhere-access, the safety aspect has always been a tad doubtful. Not that hacking attempts were not made before this,; but an online storage system that has stored data belonging to hundreds of users is probably too tempting for a hacker to pass up, and it probably makes their task a little simple.
What got everyone’s attention was that in the middle of July, some users started receiving spam at the email ids which they used specifically to access Dropbox. Users complained on discussion Forums about the spam they were flooded with. If we are to believe the tech grapevine, Dropbox initially denied that they had been hacked, but later called in private experts to do some digging. And what do you know? They reported that, Dropbox indeed had been hacked.
Spokespersons for Dropbox also acknowledged the same. They stated that an employee’s Dropbox account password was cracked and a document which listed users and their email ids was accessed by the hacker. Once they got their hands on these addresses they started spamming them. The good news is there were no signs that the users’ passwords were stolen too. In another hacking incident, some user accounts were also compromised. It is not completely known how much data was actually compromised and how many accounts were hacked.
This brings to the fore the uncomfortable thought that cloud storage is never going to be air-tight in security. Users would do well to remember that having one password for all your accounts is as good as telling a hacker, ‘Please hack my account!’
Operating an online storage service is not a price of cake; it requires a very high level of vigilance and constant monitoring. So obviously there has been some slacking off on the part of Dropbox. But to give them credit, they have recognized the need for greater security and have already introduced supplementary controls to ensure this. To curb suspicious activity Dropbox has introduced the following measures:
- Two Factor Authentication: that is you will be required to prove your identity beyond a simple password; probably a one-time use code that is sent to your phone.
- Automated systems that will help detect inappropriate activity, which will be added on and enhanced in a staggered manner.
- A new page where you will be able to check all the active logins to your account
- You may need to change your password if you’re logging in after a long time, or if you’ve been using the same password for way too long.
- While it’s laudable that the Company has taken immediate steps to enhance security, you can’t get rid of the strange feeling about what the Dropbox employee was doing with all these user ids in his account in the first place.
Author: This is a guest post by Samantha Kirk of mytechhelp.com, a site that offers savings and current information on Remote Tech Support.