Dropbox drops the ball
A month ago, we made a shocking discovery. One Dropbox user could see all of another user’s photos (a teen girl, nonetheless) in his upload file without explanation. We explored all of the possible causes and debunked the theories as to how it happened and the only conclusion is that Dropbox has a security issue.
So we reached out to Dropbox with the user’s name and various questions before publishing a story on the topic, and afterwards emailed to let them know it had become public.
Their response? A request for phone call. Standard fare in the public relations world. As the author and News Director here, I happened to be unavailable when they responded, so I offered to answer any questions over email or publish their official, unedited statement.
We also offered to simply be carbon copied into a conversation with the account holder who was eager to work with them to resolve the issue.
Dropbox’s response
After a brief email exchange, they opted not to respond to us. They made no statement and offered no explanation. That remains the case.
We have waited and hoped they would silently resolve the issue and hope it blows over, which is more standard fare for tech companies.
Unfortunately, the user says no one at Dropbox has reached out to him, and he can still see the other user’s photos, some of which are scantily clad young women. He says he has reached out multiple times and been ignored for over six months.
If Dropbox refuses to address, what should YOU do?
Given this issue, can you be 100% certain that your own uploads are completely secure? How could you possibly know that another user can’t see your photos in their upload file?
We recommend that all readers review what files and photos they have on their Dropbox account and consider what would happen if someone else could see them. If you’re storing anything sensitive there, it might be time to reconsider, especially given Dropbox’s history of problems.
Again, this serves as a stark reminder that nothing online is completely secure, and while Dropbox is known to be one of the best options around, if you have sensitive files or photos, you need to more carefully consider where you’re storing them.
#DropboxInsecurity
