I just recently read the news that Dropbox users were getting a lot of spam due to a suspected breach. I’m a big fan of Dropbox, and could not have survived a number of recent trips without being able to access documents thousands of miles away from home.
The Dropbox situation shows just how disruptive spam can be. In the midst of the spam deluge, as users complained on the support forums, Dropbox became impossible to reach. According to Brian Krebs:
“At around 3 p.m. ET, the company’s service went down in a rare outage, blocking users from logging into and accessing their files and displaying an error message on dropbox.com. I will update this post in the event that the company responds to my requests or provides some explanation of what caused today’s outage and the spam.”
Spam in your email is annoying enough, but when it shuts down the ability to work or conduct business as normal, it can slow down production, make customers angry and, well, make writers miss deadlines (no, I didn’t miss a deadline because of this, but had this breach happened a few weeks ago, I likely would have). In this case, Dropbox and its customers were the victims, but it can happen anywhere, anytime, to anybody. Eric Chiu, cloud security expert and president and founder of HyTrust, essentially agreed with that school of thought, telling me in an email:
“The datacenter is being transformed at a rapid pace -- cloud, virtualization, converged infrastructure, BYOD, and mobile are all big shifts being driven by ROI, cost savings, and productivity business goals. However, at the same time, many of the other core elements such as security and compliance tools as well as processes have not changed to meet this new environment. Dropbox is a great example of an application that has infiltrated the enterprise, which can have serious security consequences since employees are hosting corporate confidential data without any enterprise security controls. With external and internal breaches happening daily, this is a perfect formula for major disasters to happen. The need for consistent configuration, and controls for access, management and visibility are critical.”
Chiu added in his note to me that Dropbox is investigating the breach, using outside security experts to get to the bottom of the problem.