The Dropbox Blackbox
Dropbox was password optional for four hours…
With 25 million users and a gazillion files, from a consumer perspective, I and many others can’t live without Dropbox. Even Microsoft’s latest update to Skydrive doesn’t help because it isn’t cross platform like Dropbox. And even then, it isn’t 10x better than Dropbox and I already pay for Dropbox, meaning it is unlikely I would switch. So when I heard about the latest Dropbox issue where passwords were inadvertently disabled for a four hour period, I was concerned about my files & documents and could make a decision on behalf of my family to stay or go somewhere else. Note, we’re staying with Dropbox.
However the latest breech of Dropbox potentially exposed critical corporate data stored by individual users. This could now be cached in search engines or accessed by hackers trolling for open shares and is now stored somewhere even after the bug has been fixed. The implications of exposed corporate data really need to be understood and mitigated by senior IT and corporate leaders - customers, shareholders, and the corporation itself could be exposed.
Had this been a corporate storage system, logs would be used to inform corporations of files accessed during the window of vulnerability. This would allow corporations to take precautions including notifying customers of any information disclosure. Unfortunately, being a consumer system, Dropbox doesn’t offer this service. And if it did, employees would need to inform their IT departments independently. Additionally, a careful IT Department has no idea what its employees have stored on Dropbox so precautions cannot be taken. All we can do is cross our fingers.
Dropbox is an IT blackbox. This is why corporations invested in their own storage systems or they purchase enterprise grade cloud storage where precautions are taken and in case of failure, the value of timely notification is standard operating procedure.
