Dropbox bolsters security: Will businesses be wary?


Summary: Dropbox detailed how customer accounts were hijacked. It's unclear how Dropbox for Teams will be impacted, but at the very least IT buyers will examine the company's security features a bit more.

TOPICS: Cloud, Security, Storage

Dropbox outlined how customer accounts were hijacked, resulting in a barrage of spam in some cases. The cloud storage provider added new security features, but it's unclear whether businesses will pause their Dropbox usage.

Although Dropbox isn't as enterprise focused as Box, courting businesses and teams within corporations is a big part of the company's growth strategy.

In many cases, security is a bit of a red herring in cloud services, but if incidents pile up there are serious perception issues.

According to a blog post, Dropbox noted that it recently found that usernames and passwords stolen from other Web sites were used to log into select accounts. A stolen password was used to access an employee Dropbox account. That account had a document with user email addresses, which proved to be a treasure trove for hijackers.

Dropbox noted that it was "sorry about this" and put in controls to prevent something similar from happening. Dropbox said it will add two-factor authentication as well as automated features to find suspicious activity.

Passwords continue to be the weak link, but the leakage of user accounts via an employee password is a black eye for Dropbox.

Dropbox's primary vehicle for corporations is Dropbox for Teams. The service features encryption, availability and user management among other items. However, the headlines generated by Dropbox's password issue are likely to be remembered. At the least, businesses will put Dropbox through a few security paces.

It's worth checking out the security overview from both Dropbox and Box. Here's a look at Box's security architecture.





  • SkyDrive

    I recommend the above.
    Tim Acheson
  • Promises, promises.

    After last year's embarrassing data breaches, Dropbox promised to implement additional safeguards "to prevent this from happening again." Whoops, it just happened again…
    Here are my thoughts on the breach: http://jacksonshaw.blogspot.ca/2012/08/will-third-time-be-charm-for-dropbox.html
  • Security? What Security?

    Sorry but the big public cloud services never have had any security whatsoever. I know I keep going on about how prospective users must read the terms of service (TOS), FAQs, privacy policy and whatever else you can find on their websites. Things you will learn:

    1) They are NOT compliant with HIPAA so good luck if you are a doctor
    2) They are not CJIS compliant so if you are a lawyer or a policeman, forget that too.
    3) They read everything you upload. All electronically and many by human viewing
    4) They claim that you are giving them the rights to do whatever they want with your data including modify, view, or PUBLICLY display your data.
    5) YOU must have the rights to give them these rights.
    6) They are allowed to share your data with third-party affiliates.

    So, if the data you are uploading is safe enough to be displayed on the front page of a national newspaper, then go for it. If it's something you don't want anyone to see but you, then I'd find something else. We are looking at Box but we can't do anything unless they are certified by CJIS to be able to hold criminal data. I'll believe it will happen when I see it happen, though.

    I'll bet the people who were affected got nothing out of this as they were told that Dropbox was not responsible for their data. Just read it on their website.
  • At least they're being open and honest about it.

    At least they're being open and honest about it. Which IMO is a lot better than what others have done. Honestly, their honesty makes me trust them more, not less.
  • all a lie

    I can't believe what I'm reading anymore! Maybe some addresses were stolen but the problem is that we don't know who did it. Seriously I'm starting to think Drpbox made up this whole story just to advertise without paying. Look at it it's all over the press.
    Then they give explanations like: "look at us we're humans too, we make mistakes, but look at how efficient we're becoming".
    Anyway..not intending to advertise or anything but I've stopped using Drpbox for a while now and I'm on something way ahead but not very well known: Bajoo.
  • no cloud is sure, just protect the data itself

    You can protect the data if you don't want anyone to read it. I use boxcryptor. I found it half price on http://www.limeapp.com/en/offre-du-jour/144-protect-your-files-boxcryptor-personal.html . Plus it works with other cloud storage services so data is secure everywhere.
    Charles Andre