On August 1st, reports emerged stating that Dropbox had confirmed a security breach that led to a spam storm, which hit many of its customers. As it happened, an unidentified number of names and passwords had been stolen from users on other sites and were then used to sign into Dropbox accounts. Specifically, data containing users’ email addresses was taken from one Dropbox employee, hence the spam. International users, including those from the United Kingdom, the Netherlands, and Germany, seem to be a primary target.
Dropbox reminds its customers to use a unique password for each site that requires one, and to make each password complex. If you use the same password repeatedly, it only makes a hacker’s job easier if you become the target. An attacker picks up your password at Facebook, and then uses it at your bank.
As a note, Dropbox is upping their security features to require a two-factor authentication process.
This hit home for me, because I realized that I was one of those who used some variation of the same password for each of my sites. In fact, I can honestly say that on more than one occasion I’ve used the phrase “the usual” as my password reminder. I often justify that by thinking, “Who would want my identity or my files anyway?” Unfortunately, I learned a long time ago that things don’t just happen to other people. Things happen to me too.
All people, especially PK-16+ teachers and instructors, need to be careful about what they choose to place in the cloud. It is critical to consider whether you are putting your own, a child’s, or a student’s FERPA-protected information, or otherwise confidential, private information, within reach. Educators must know that this includes identifying student information such as Social Security numbers, and even graded material. Personally, you probably should refrain from storing electronic copies of legal documents and anything containing your personal information such as your Social Security number, your driver’s license number, your bank account information, etc.
Dropbox isn’t the only one to be hit recently with security breaches that allowed hackers to gain access to customers’ personal information and, in some cases, their personal files. LinkedIn, a professional social media site, was hacked in June 2012. And, unfortunately, this isn’t the first time Dropbox has been hit. In June 2010, an update of some sort allowed anyone to log into any account with any password. This problem persisted for nearly four hours.
The main purpose of Dropbox is to store or, preferably, back up your files in the cloud. (Relying on anyone’s server as sole storage is risky.) Secondarily, it also offers a “sharing” feature that allows users to share access to files. So, if one person is hacked, files belonging to others that have been shared with that person are also compromised.
The use of unique passwords is important without doubt. It can be difficult to use different passwords on different sites, but there are ways of storing your passwords, perhaps not in the cloud. There are many software apps, both free and commercial. KeePass, for example, can be stored anywhere and is itself password protected. LastPass is a recommended tool that installs on your computer and works with you as you enter each password-protected site. Your password data is saved both locally and on their server. The basic service is free, and a premium service allows you to add the feature to mobile devices. And then there is the good ole spiral notepad. Yes, fires happen, but if you can’t remember a password there are always password reset options. Eeek.
It is also advisable to research the security measures taken by various cloud storage service providers. For example, Box.com (previously Box.net) claims to offer encryption even at the personal account level. Unfortunately, there is some question as to whether that encryption applies only in transit (protecting against man-in-the-middle attacks), or whether the data also remains encrypted at rest on their server. You could always encrypt your files yourself before uploading.
Finally, contemplate what you really want people to have access to in your cloud space. The cloud is a wonderful idea for storing files, backing up data, etc. so that you know it is safe should something happen to your computer hard drive, or any external hard drives you use. On the other hand, the cloud is a server to which some employees likely have access and which can be targeted and hacked.
The bottom line is: if your document could get you in deep trouble legally, financially, professionally, romantically, or any other way if someone else found it, make a conscious decision about whether or not you should put it up there. Just like your own computer hard drive, the cloud isn’t foolproof. Only you can assess the risk. You probably ought not put the map to your uncle’s multi-million dollar treasure up there either.
Dropbox Reports User Accounts Were Hijacked, Adds New Security Features
http://techlogon.com/2012/03/09/box-com-security-issues-for-personal-accounts/
http://download.cnet.com/LastPass-Password-Manager/3000-18501_4-10889725.html
http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html