I’m sure everyone has used Dropbox to upload important documents, and priceless photos that they would like to have access to anywhere, forever, right? Dropbox is a free, cloud based storage service that allows users to upload documents, photos, and videos using a computer, and share them using a tablet or mobile device. This file hosting service is used by over 175,000 people around the world including in some businesses. But what if I told you that your private files can be hacked?
About a year ago, Dropbox was hacked, which prompted the company to add extra security protection such as encryption and “two factor authentication” which were put in place as enhancements. Well, it seems as if that extra security protection that was added, wasn't as great as Dropbox thought it was.
Two security researchers named Przemyslaw Wegrzyn and Dhiru Kholia were able to zoom past Dropbox’s security features, access users files, then published a paper on how it was possible! Crazy right? First thing first, the researchers disabled the two protections that were put in place, then tried “reverse engineering” which allowed them to look at the programming code that Dropbox uses. Although the researchers shouldn't have been able to view the programming code, they were successful. The whole idea was to protect Dropbox and share with the company on how to be more secure.
Since the published paper, in April of 2014, Dropbox has tightened security and added multiple updates to “Dropbox for Business”, which will target businesses and IT professionals who will administer the service. But is it enough?
This case is just another way to remind you that internet safety and security is very important. Be careful when using sensitive information on the web, and on different web applications. You will never know when your information may become compromised.
Dropbox is still the leader in cloud based storage service.
To read the published article "Looking inside the (Drop) box", click here.
References: