Dropbox Hacked, Snowden says “Get Rid of it”
As some of you might have heard, Monday night nearly 7 million usernames and passwords from Dropbox, the free cloud service for storing your photos, videos, and documents across devices, were stolen and leaked onto the internet. According to Dropbox, there was no breach in their actual system, but were the account usernames hacked from third party services. And there are so many of these third party services that it is impossible to track down the service(s) that were hacked. This is an apparent downside to integration. Without allowing third parties to integrate your product or service, you will not get the network effects and Word of Mouth benefits that you usually get from it. But if these third services get hacked and your user account information is leaked, it is not (only) the reputation of the third party services that gets affected, but yours. To play safe, it would be a wise decision to change your Dropbox password. The process doesn’t take long and is well worth it.
Coincedently, the (in)famous Edward Snowden made a comment about their privacy a few days earlier. Snowden is a former contractor for the CIA, who left the US in after leaking to the media details of extensive internet and phone surveillance by American intelligence. Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions.
A few days prior to this, Edward Snowden stated that if users value their privacy, they should delete their dropbox account.He said that this is because they do not support encryption, which dropbpx denies. Snowden also came with an alternative file storage program quickly: he says SpiderOak should be the user’s preferred system. This service encripts the data while it is actually on your computer, while Dropbox does this while the data is on the company’s servers or “in transit”. So Snowden does seem to have a point.
But still, it might be questionable what Snowden’s motives are. Maybe he has a friend at SpiderOak, or a grudge against Dropbox? Eitherway, it would probably be a good move for Dropbox to make sure they also encrypt the data, since it is always better to accept the critique and solve it than resist it. Whether it was really Dropbox fault or not, the hacked accounts are still their responsibility. And their responsibility to solve. Maybe they should re-assess their integration policies and select the services that can integrate Dropbox more strictly, or seriously consider the other encryption method to work SpiderOak out of the market.