Nearly 7 million usernames and passwords from Dropbox, the free cloud service for storing your photos, videos, and documents across devices, were leaked onto the internet.
And just days prior former NSA contractor Edward Snowden in the interview recommended that users drop Dropbox if they wanted to protect their privacy. "We're talking about encryption. We're talking about dropping programs that are hostile to our privacy.
For example, Dropbox? Get rid of Dropbox, it doesn't support encryption, it doesn't protect your private files." Instead of Dropbox, Snowden recommended SpiderOak, which can "do the same exact service but they protect the content of what you're sharing." Dropbox, in a June blog post that's actually meant to honor Snowden's "revelations," insisted that "all files sent and retrieved from Dropbox are encrypted while traveling between you and our servers."
But the difference between Dropbox and SpiderOak, as TechCrunch points out, is that SpiderOak can encrypt the data while it's still on your computer, whereas Dropbox only encrypts the data while it's on the company's servers or "in transit."
Dropbox is standing firm on its position that its service is fully encrypted, and denies responsibility for the leak of emails and passwords, many of which "have been expired for some time now," according to the company. Dropbox instead shifts the blame to users and third parties, stating "these usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts."
Dropbox is right: Hackers can re-use old information with a high degree of success, and it's not necessarily Dropbox's fault when that happens. But Dropbox is ultimately responsible for the access it allows its third parties, and in that case, maybe it should take a tip from Snowden and SpiderOak to improve data encryption at all ends of the service, including on the computers themselves.
