Saving our personal files in the cloud can be very useful and convenient. It gives us a safe place to keep them as a backup, so that if they are lost we can recover them from there. It also lets us access our data from anywhere using just an Internet connection. However, entrusting our most important files to a private company, about which we know nothing in terms of operation or security measures, is very risky. At any time, we may find that it has suffered a computer attack, as has happened to Dropbox.
Dropbox is one of the largest and best-known cloud storage services, for both personal and professional use, that we can find on the net. It was one of the first cloud storage platforms to see the light of day, and despite the arrival of many other alternatives, it is still one of the largest and most used on a daily basis.
We often rely on these types of storage platforms, and we upload our files thinking that they will be safe and secure as long as we use a strong password. However, at any time they can be exposed, as happened to this cloud on October 14.
An attack allowed access to the source code of Dropbox
On October 14, GitHub notified Dropbox officials of strange activity on their account. After a brief investigation, they discovered that, by phishing one of the developers, a hacker had managed to access the Dropbox development account and download source code from over 130 repositories.
So far, nothing out of the ordinary. However, that code contained credentials, specifically private API keys, used by developers to develop the platform. In addition to API certificates, thousands of names and email addresses belonging to Dropbox employees, as well as current and former customers, sales leads, and service providers, have also been exposed.
It is not known exactly which parts of the code the attacker accessed, nor whether he downloaded the code and now has it for sale on the Dark Net. What is certain is that the time was very limited, and no malicious code was injected into the repositories. But what about user data?
User data is safe
Dropbox assures that user data has not been exposed at any time. The API keys were instantly revoked, and no one was able to access the files stored in the cloud, the passwords, or the payment information of any user.
Luckily, it has all been just a scare, at least for users. Dropbox now has a lot of work to do to keep this from taking its toll in the future and to prevent it from happening again. Among other improvements, the platform is currently implementing WebAuthn, one of the most robust two-step authentication methods that we can find today. But we still don't know when it will be ready.