Nearly 7 million usernames and passwords from Dropbox, the free cloud service for storing your photos, videos, and documents across devices, were leaked onto the internet on Monday. And just days prior, speaking via remote at the New Yorker Festival, former NSA contractor Edward Snowden recommended that users drop Dropbox if they wanted to protect their privacy, according to TechCrunch.
“We’re talking about encryption. We’re talking about dropping programs that are hostile to our privacy. For example, Dropbox? Get rid of Dropbox, it doesn’t support encryption, it doesn’t protect your private files.”
Instead of Dropbox, Snowden recommended SpiderOak, which can “do the same exact service but they protect the content of what you’re sharing.”
Dropbox, in a June blog post that’s actually meant to honour Snowden’s “revelations,” insisted that “all files sent and retrieved from Dropbox are encrypted while travelling between you and our servers.” But the difference between Dropbox and SpiderOak, as TechCrunch points out, is that SpiderOak can encrypt the data while it’s still on your computer, whereas Dropbox only encrypts the data while it’s on the company’s servers or “in transit.”
Dropbox is standing firm on its position that its service is fully encrypted, and denies responsibility for the leak of emails and passwords, many of which “have been expired for some time now,” according to the company. Dropbox instead shifts the blame to users and third parties, stating “these usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.”
Dropbox is right: Hackers can re-use old information with a high degree of success, and it’s not necessarily Dropbox’s fault when that happens. But Dropbox is ultimately responsible for the access it allows its third parties, and in that case, maybe it should take a tip from Snowden and SpiderOak to improve data encryption at all ends of the service, including on the computers themselves.
We’ve reached out to Dropbox to learn more about what the company does to improve encryption in the future, and we’ll update this story when we hear back.
Business Insider Emails & Alerts
Site highlights each day to your inbox.