Are your Dropbox files visible in another users’ account?
Imagine opening your private Dropbox account where you keep your highly sensitive client documents, or maybe your banking information, your childrens’ medical records, or God forbid you have inappropriate pictures of yourself. And in that account, you see batches of files that aren’t familiar to you.
You’re searching for some pictures of the time you saw your friend’s band play, but instead, your camera uploads folder is peppered with dozens of pictures of a teen girl with her scantily clad friends. You see screenshots from text message conversations you’ve never seen before in your life and certainly didn’t have.
You haven’t sold any devices that had your Dropbox account on them, and you never got an invitation to view any shared folders in your camera uploads, so confusion sets in.
What do you do?
What then? Do you call the cops? Do you reach out to Dropbox? Do you freak out that your own files, those most sensitive documents, are on someone else’s account?
One user is going through this very same problem, and have been met with silence when protesting to the Dropbox team. He typically keeps a large screen in his office on “random” mode to show pictures from his Dropbox account, which suddenly is swarmed with pictures that any preliminary investigation by Dropbox could see were clearly not uploaded by any of his IP addresses.
So we asked Dropbox, is this glitch isolated? Are other accounts affected? Is this a new problem or a long term issue Dropbox has struggled with? What should other users do if they find content in their account that is clearly not theirs?
Could this be a problem with permissions? Perhaps an issue with iCloud? Maybe a smidge of both? Maybe neither? Maybe an isolated incident?
As of publication, there has been no response, just as there was silence when the user reached out about the issue various times during the last year.
Dropbox has a history of problems
Despite raising $1.1 billion in six rounds of funding, the eight year old brand has over 400 million users and is the clear favorite (even the team here relies upon it). They’re the darling of cloud storage, hands down.
They say that over one billion files are saved to Dropbox every hour and is used by 97 percent of Fortune 500 companies.
Imagine being the CEO of one of those Forutne 500 companies, let’s say Verizon; and you open your Dropbox account to see private photos of Sprint projects co-mingled with your camera uploads. Bingo! But wait, can they see yours? Can AT&T? You probably panic and call in the troops. Sure, there are ways you can protect and back up your cloud data, but not necessarily if a glitch has users’ accounts visible to other users.
Hector Salcedo at the Credeon Blog summarizes Dropbox’s spotty past succinctly:
“Unfortunately for business users, Dropbox is also the most targeted cloud service by hackers and thieves. Remember when hackers held 7 million Dropbox passwords ransom? Not only is Dropbox prone to cyber-attacks, but they also suffer from bugs and leaving open doors. In October 2014, Dropbox released an update with a bug that deleted user files, making backup on Dropbox inadequate for business. File deletion!? Then what’s the point of storing files in the cloud anyway?”
Salcedo continues, “Prior to this incident, a cloud-based file locker, Intralinks, found that Dropbox users were unknowingly allowing private data to be read by third parties as their files were being indexed by search engines. Links that you may have shared with other colleagues were being indexed by Google, Yahoo! and Bing, and if competitors searched for a matching keyword on your link, they could click and open your files without you knowing. As you can see saving sensitive company information with Dropbox offers significant risk for business users.”
There are a bevy of reasons this could be happening and could even be isolated, and Dropbox has been provided with the user’s information to investigate. But for now, this serves as a stark reminder that no service is perfect or invulnerable – not Dropbox, not email, not even paper files.