Forensic examination at Dropbox being conducted because of security breach.
The news this week has Dropbox hiring security experts because spam emails were sent to and received by some Dropbox users. That does not sound like it is all that different from what we all get everyday. But in this case, the email addresses receiving these were reserved exclusively for use at Dropbox and no where else by some. That would mean that someone was able to gain access to a list of Dropbox user's email addresses. And that is a huge breach being reported. This is another problem in the cloud and one that should make everyone a little more concerned about just how secure the cloud actually is.
At the moment, we do not know the specifics of what actually resulted from the security breach and how much information was compromised. The reports of the breach and spam emails has many talking this week about the cloud and security. The sharp rise in spam emails to addresses being used only for Dropbox is causing concern among many. Dropbox is reassuring everyone that there has been no breach of data which is being stored by them.
Unfortunately, it is difficult to accept that as they still have not determined how someone might have been able to gain access to the list of email addresses. And this has been going on for close to 2 days as they investigate exactly how someone was able to gain access and get email addresses. The bigger concern of gaining access to data or accounts has not been specifically stated as not having happened. At this point, many are very concerned about the security of their account.
This comes about a year after another breach in security at Dropbox. In that situation, Dropbox had made a software change which essentially removed the need for a password. All you needed to know was a valid email address and you were in. While that one only last 4 hours, it does highlight just how easy it is for something to go wrong.
Dropbox is used all over the world and some are saying it is being used inside some locations where privacy and security are very important. As an example, Apple and NASA are listed as having Dropbox being used by employees to move data around. And it is that usage which does have the potential to open computers up if someone were to completely breach the internals at Dropbox and figure out how to do far more damage. It is an unknown as to what the potential for this kind of thing is. And yet, we are being told that the data is secure.
The cloud has turned into this huge entity which we all rely on everyday without really realizing it. From your mobile device that is doing backups into the cloud to the large volume of web sites and business operating on the cloud. Our reliance on the cloud has created a situation where everything is now more centralized than ever before. If someone is able to breach the security at a cloud location, they have much more information to grab then before when things were widely distributed.
We can hope that Dropbox is able to specifically identify exactly what was taken, how it was done and then plug the hole in security which allowed it to happen. They have a very limited time window to complete this activity before users of Dropbox begin to become very concerned. And it is the security of their data in the cloud that they are and should be most concerned about.
No comments:
Post a Comment