Is Dropbox secure? Here’s how Dropbox has improved its security measures, and what you can do to protect yourself

Dropbox is a cloud storage and file hosting system that has previously received backlash over security concerns.

  • Dropbox is secure thanks in part to its 256-bit AES encryption, but the service has been hacked in the past.
  • Because Dropbox is relatively secure, the largest vulnerabilities are often the end users and their security hygiene. 
  • To be safe, you should enable two-factor authentication, be wary of public folder sharing, and consider using file-level encryption.

Dropbox is one of the most popular cloud storage solutions in the world, supporting more than 14 million paying customers as of December 2019. Like most online services that have a long history dating back to the early days of the web, Dropbox’s past includes hacks and data breaches. 

The most infamous incident included the theft of more than 68 million account credentials in 2012 (hackers tried to sell this data in 2016), and the hack led to the company resetting passwords for millions of accounts in 2016. 

How Dropbox has increased its security level

In the years since, Dropbox has shored up its security substantially. Today the service’s 256-bit AES encryption and support for additional security tools like two-factor authentication are competitive.

Dropbox’s security is bolstered by 256-bit AES encryption.

The service authenticates all user connections to the server, whether it’s via a web browser or mobile app, and Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data as it moves between Dropbox’s users and the servers.

Moreover, Dropbox routinely tests its own hardware, software and processes for security vulnerabilities, and makes sure to alert users if Dropbox detects an attempted login from a new device or location. There have been no known large-scale hacks on Dropbox since 2012.  

How Dropbox may be vulnerable

“Their current encryption standards make the odds of a hack less likely, but no cloud-based solution is completely safe from new and emerging threats,” said Kristen Bolig, founder of SecurityNerd. 

Aside from the risk of an attack on Dropbox itself, one of the most dangerous vulnerabilities is on the user end of the Dropbox experience. Users – especially corporate customers – routinely face phishing attacks and social engineering attacks designed to trick people into giving up credentials and access to accounts. 

And not all security concerns originate with hackers and criminals. Dropbox’s user base crosses international boundaries, and Dropbox may opt to share user data with government agencies and law enforcement from time to time – the service has formal guidelines that dictate its behavior based on official requests. 

How to protect yourself as a Dropbox user

All that means your risk of a data breach with Dropbox is low, but not zero, and there are steps you can take to ensure your own security. 

Chris Hauk, consumer privacy advocate with Pixel Privacy, recommended enabling Dropbox’s two-factor authentication. “This ensures that if a third-party attempts to log into your Dropbox account, you will be notified via email or text message.” 

Two-factor authentication is an easy step you can take to ensure Dropbox remains secure.

Simple human error is also a risk – Dropbox allows users to store files in easily exposed public folders, for example, so it’s important to be careful about where files are placed. 

And for the ultimate in security, both from accidental public folder disclosures as well as hacks, security experts like Security.org’s Chief Editor Gabe Turner suggest using file-level encryption on important files stored on Dropbox. You can encrypt and password-protect documents created in Microsoft Office, for example, or with a third-party app. 

This eliminates the risk of Dropbox itself accessing your files with the company’s own encryption key or handing your information to government authorities. 


Read the original article on Business Insider

Sequoia Capital, one of Silicon Valley’s most notable VC firms, told investors it was hacked

Sequoia Capital offices on Sand Hill Road in Menlo Park, Calif.

One of Silicon Valley’s oldest and most venerable VC firms was hacked.

Sequoia Capital told its investors on Friday that some personal and financial information may have been accessed by a third party after one of its employees fell victim to a successful phishing attack, according to a report in Axios Friday. 

Sequoia told investors that it has not yet seen any indication that compromised information is being traded or otherwise exploited on the dark web, Axios reported.

A Sequoia spokesperson confirmed to Insider Saturday that it had “recently experienced a cybersecurity incident” that its security team was investigating. It had also notified law enforcement and was working with outside cybersecurity experts, the firm said.

“We regret that this incident has occurred and have notified affected individuals,” a Sequoia spokesperson told Insider. “We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats.”

Sequoia’s investors are called limited partners, and typically include large financial institutions such as university endowments, private family wealth offices, or sovereign wealth funds, but rarely do firms share information about their investors publicly.

Sequoia Capital is one of Silicon Valley’s oldest and most successful venture capital firms with more than $38 billion in assets under management, according to Pitchbook data. The 49-year-old venture capital firm has invested in companies such as Airbnb, DoorDash, and 23andMe. It has also invested in cybersecurity companies like FireEye and Carbon Black, according to its website. 

It does not appear that the hack was connected to the SolarWinds attacks, which included a larger breach of FireEye and has impacted government agencies and large technology companies like Microsoft.

Read the original article on Business Insider