The Dropbox 4 Hour Security Hole

When it comes to web services, just as in normal business, whichever product serves the greater need is the one that people are going to go crazy over. If a large number of people feel that they need the service you provide, you are going to be a hit in no time at all. That is what happened to the web service known as Dropbox. It became the darling of the internet in several ways: it was nicely designed, and it filled a need that a lot of people had, even if not everyone knew that they had it.

So what was the need that Dropbox filled?

Dropbox made sure that people were always able to access their files no matter which computer they were on. Sure, there were other ways to do this, but none were as easy or as efficient as the way Dropbox proposed. All you had to do to share files across the computers you used was to install the program on each computer and create a folder for the files. As long as each computer had the Dropbox software installed and you were able to log in, you had your files and could work on them no matter which computer you used.

A lot of the people who used the service started to do so in ever more creative ways. They found that since the Dropbox folder works the same as a normal folder, they could use it not only to share files but also to keep older versions of files. Dropbox has a versioning system built in, whose main purpose is to recover a file that was saved over when it was not supposed to be. But instead of using it for that purpose, people used it as a versioning system, just as they would Git or SVN.

Overall, users found the software very useful and, as I said earlier in the article, its popularity really took off. What started as a geek-only fascination became something that the average, ordinary user would use. But recently there have been problems with the Dropbox service. While there have been problems and security lapses before, the most recent ones have put people on edge about the service itself, with a lot of them promising that they will not come back.

What was the problem with Dropbox?

The people who started to use the service became so trusting of it that they began to place a lot of very sensitive documents there. This is understandable, because a lot of the work we would need to do with a service like Dropbox is sensitive work, but we still have to understand that we are taking a risk when we place these types of files on a cloud web service. Recently there was a hole in the service through which anyone could get into another person's Dropbox account. In effect, for four hours no one's password did its job of keeping other people out. While a four-hour hole is not that big, it is still big enough for some people to have a lot of sensitive data taken from them. Very few people were actually affected by the hole in the software, but the fact that such a gaping hole even existed was enough to put most users of the Dropbox service on edge. This was especially true of users in the security community. They were the ones who made the biggest noise about the hole, because they knew what kind of damage can come from a security breach like that.

So while the hole did not last long, the fact that something like that could even happen really shook up the people who were using the service and depended on it being both reliable and secure. And even now there are things happening that are shaking the faith of the people who use the service even more. After the breach in security, Dropbox changed some of the wording of its Terms of Service to terms that were unacceptable to a lot of users. This was considered the second strike by a lot of people.

The problems with Dropbox just prove that no matter how reliable any service is right now, it can fail on you at any minute. So remember to back up your data and, if it is that important, keep it encrypted.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
