How secure is Dropbox?

We look at how secure Dropbox is as part of our wider cloud storage roundup

Dropbox enjoyed popularity among consumers as an easy-to-use file storage suite, although it has shifted towards the enterprise market in recent years.

During that time, Dropbox has also improved its security protocols in response to growing threats online, including the encryption of data in transit using secure sockets layer (SSL), and at rest using AES-256 bit encryption. The platform also has stolen and lost device protection, allowing you to unlink devices from your account on the fly.

Business users get some extra features, including the option to set permissions for file collaboration and enable password protection and expirations to any shared links.

Dropbox employees are unable to view the content of your files, although the company does have the mechanism to access files if required to do so, such as during a legal investigation. Metadata is accessible by employees too, normally as part of tech support.

History of Dropbox hacking

Major Dropbox hacks have been few and far between, although those that occur proved to be particularly damaging for the company.

The first happened in 2012 when a compromised password was used to access a Dropbox account owned by an employee. At the time, Dropbox said the hack provided an intruder with access to documents containing a handful of customer email addresses, which became the target of phishing attacks. This prompted Dropbox to add two-factor authentication to account logins.

However, in 2016 it was revealed that the hack was much larger than previously thought, with a dumped database of 68 million passwords being leaked online that was said to stem from the initial 2012 breach. Dropbox said at the time that there were no indications that user accounts had been compromised following the incident.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021
Cryptocurrency crimes have increased 12-fold since 2016
cryptocurrencies

Cryptocurrency crimes have increased 12-fold since 2016

22 Jun 2021
NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021