In 2012, cloud storage firm Dropbox was hacked with over two-thirds of its users’ details dumped all over the internet. While the company initially thought a collection of email addresses was the only thing stolen, it was wrong — passwords had been compromised as well. If you are currently using Dropbox, it may be time to reconsider. This new information came to light when the database was picked up by a security notification service. So it may be time to move away from Dropbox and seek a more secure solution.
Despite the unfortunate incident, Dropbox has implemented a thorough threat-monitoring analysis and investigation, and has found no indication that user accounts were improperly accessed. However, this doesn’t mean you’re 100 percent in the clear.
What You Need to Do
As a precaution, Dropbox has emailed all users believed to have been affected by the security breach, and completed a password-reset for them. This ensures that even if these passwords had been cracked, they couldn’t be used to access Dropbox accounts. However, if you signed up for the platform prior to mid-2012 and haven’t updated your password since, you’ll be prompted to do so the next time you sign in. All you have to do is choose a new password that meets Dropbox’s minimum security requirements, a task assisted by their “strength meter.” The company also recommends using its two-step authentication feature when you reset your password.
Apart from that, if you used your Dropbox password on other sites before mid-2012 — whether for Facebook, YouTube or any other online platform — you should change your password on those services as well. Since most of us reuse passwords, the first thing any hacker does after acquiring stolen passwords is try them on the most popular account-based sites.
Dropbox’s Ongoing Security Practices
Dropbox’s security team is working to improve its monitoring process for compromises, abuses, and suspicious activities. It has also implemented a broad set of controls, including independent security audits and certifications, threat intelligence, and bug bounties for white hat hackers. Bug bounties is a program whereby Dropbox provides monetary rewards, from $216 up to $10,000, to people who report vulnerabilities before malicious hackers can exploit them. Not only that, but the company has also built open-source tools such as zxcvbn, a password strength estimator, and bcrypt, a password hashing function to ensure that a similar breach doesn’t happen again.
Is It Enough?
At WAMS, we have never recommended using Dropbox for business; especially not for law firms. Dropbox is working to become more secure and we are happy for the sake of its users that the company is taking security more seriously, but at the end of the day it is not the best solution for your documents and your files. The company is not held to the same compliance laws and it is not WAMS’s recommended solution for document management. Give us a call at 800-421-7151 to discuss moving you to a safer solution and to learn more about keeping your online accounts secure.