So today I read a nice little article about Dropbox being hacked again. They claim it was because of a third party leak that hackers were able to use email/password combinations to access some Dropbox accounts, and an employee account that contained user information. In the interest of Full disclosure, I’ll admit I have some Dropbox accounts, but unlike the average user anything I put in mine, I encrypt myself AND I never put anything confidential or sensitive inside my cloud account.
Today’s news however, makes me question even using the service at all. I have closed some of my non-essential accounts and I am debating stopping use of the service all together. Because of my job I have access to people much smarter than I, including those in law enforcement. A police forensic investigator let my department know that out of all the cloud solutions out there, iCloud is currently the only one he would use, because they WILL NOT give up user data to anyone, while literally all others will.
It scares me how quickly the companies we trust with our information, are willing to fold on us. The question that leaves us with is, is it even worth using services for cloud storage anyway? lets take a look at some of the basics of what it really means. With cloud based storage solutions, you are trusting your data to a third party, and in many cases they retain ownership rights to that data (Read the End User License Agreement). This means, if you use it for work any work related documents or information just left your company’s control which could be grounds for termination in many companies. If you use it for personal purposes, even if you delete the files in your accounts, they will still have copies of those files and will be able to read use them as they see fit, I know many of the cloud providers state they will not use your data, but they still have the ability too. Many times your connection information can also be found from your accounts if it was compromised, your computer names, your IP addresses, and the types of devices you use can all be of benefit to hackers and blackhats.
Many companies have policies against using Dropbox and other cloud services for security reasons, and that is of interest to me. There are a lot of times that companies over react to technology, but this is not a rare policy which when you read some of the license agreements you would understand why. I have no trust for third party services, I use them, but cautiously. My important data stays with me at all times, no exceptions.
I guess what I’m really trying to say with this post is be careful who and what you trust.