Dropbox is currently one of the industry leaders in cloud storage, alongside products like RapidShare, Google Drive and MediaFire. But when Dropbox became the target of a fairly major spam attack, even those who promote cloud computing had to admit that cloud storage poses a real security issue for IT professionals.
The spam attack that Dropbox users experienced was traced back to its source: one particular user who didn’t follow the basic rules of password security. A hacker snagged several users’ log-in information from a wide range of sites, including that of a current Dropbox employee, and discovered that the employee used the same password and login for his Dropbox account as he did on the other sites. The hacker accessed the employee’s Dropbox account and discovered a document filled with email addresses for other users. The result was tons of spam messages pushing Dropbox users to gambling sites.
Although this problem was fairly minor in the grand scheme of things, it underlines the larger problem. Something much more sinister could have been introduced to the system, or the hacker could have figured out how to access some of the data stored on the Dropbox cloud. It starts with the individual’s misuse of passwords, but it also suggests that cloud storage employees may not be taking their responsibilities as seriously as they should.
This time it was a list of emails, and that list was stored without an additional password or any sort of encryption. Next time it could be government paperwork, or banking and medical records. Dropbox responded strongly to the issue, declaring that it would immediately incorporate security changes.
Those changes will include an additional piece of identity proof during the sign-in authentication process, automated checks through the system searching out suspicious actions, a way for users to review their log-in history, and frequent requests to change passwords.
It’s never going to be foolproof, but it is a solid step in the right direction. IT administrators will need to take a lesson from the Dropbox fiasco, and remind their coworkers about the need for heightened security. With billions of files now stored on the cloud, there’s simply too much data at risk to stand idly by.