A programming mistake in an update to popular online storage site Dropbox made it possible for users to log into any of the 25 million accounts without a password. The mistake was discovered and swiftly rectified about four hours later, though not before the lapse was noticed, culminating in sensationalist headlines around the globe. Thankfully, the damage appears to be limited to fewer than a hundred accounts, a far lower number than was originally hinted at by the beleaguered company.
The unfortunate aspect of this password breach is that the compromised accounts were not the result of mistyped passwords or usernames; rather, a single individual apparently made use of the bug to deliberately access every single one of the affected accounts. It may be that the unidentified assailant did nothing more than rifle through the directory listing of the files, though it is entirely possible that compromising and confidential data were accessed and downloaded.
As reported by TechCrunch, it is understood that Dropbox CEO Drew Houston has written to all those affected to apologize, leaving a contact number and also offering to get in touch. As the dust settles, proponents and opponents of cloud storage have, as expected, come out in full force for the umpteenth round of the great cloud debate, with the opponents having the upper hand this time around.
Encryption Not Optional
I've said it before and I'll say it again: Data encryption is no longer an optional activity, and setting up an encrypted volume isn't really that difficult. Indeed, I documented my experiences with Microsoft's BitLocker disk encryption almost two years ago, and also presented some arguments for SMBs to adopt full-disk encryption last year. Moreover, the case of the misplaced BP laptop containing more than 13,000 personal records should serve as a more recent reminder of the value of data encryption.
Cloud Storage Is Public
In my opinion, the fact that cloud storage has to be accessible from any location on the Internet places it at greater risk. It is entirely possible, for instance, that hackers may attempt to brute-force or guess their way into your account without IT administrators being any the wiser. Obviously, private storage silos can also be hacked into, though unlike with cloud storage services, businesses are at liberty to enact additional measures to secure their LAN-based storage appliances, or at least make them dramatically harder to break into.
Does your SMB store its business data in the cloud?