Dropbox recently restored years-old "deleted" files for some customer accounts by accident, drawing attention to a potential privacy problem. Files supposedly deleted by customers from the company's servers were instead retained for as long as eight years, according to several reports over the past few weeks.
Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.
Experts obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total around 5GB and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee.
Hackers don't even need your password anymore to get access to your cloud data. Newly published research shows how a "man-in-the-cloud" attack can grab cloud-based files – as well as infecting users with malware – without users even noticing.
The attack differs from traditional man-in-the-middle attacks, which rely on tapping data in transit between two servers or users, because it exploits a vulnerability in the design of many file synchronization offerings, including Google, Box, Microsoft, and Dropbox services. This is not just an issue for consumers, but also businesses, which increasingly use cloud-based services to share sensitive customer and corporate data.
Companies around the world have reason to be worried about the use of cloud applications to share mission-critical information. In fact, 1 in 5 employees has uploaded proprietary corporate data to a cloud application, such as Dropbox or Google Docs, with the specific intent of sharing it outside of the company.
The SailPoint survey also found a clear disconnect between cloud usage across the business and existing IT controls, with a lot of users able to access those cloud storage applications after leaving their last job. Despite that, some employees stated they were aware that their employer strictly forbids taking intellectual property after leaving the company.
Nearly 7 million usernames and passwords from Dropbox, the free cloud service for storing your photos, videos, and documents across devices, were leaked onto the internet. And just days prior, a former NSA contractor recommended that users drop Dropbox if they wanted to protect their privacy.
Dropbox is standing firm on its position that its service is fully encrypted, and denies responsibility for the leak of emails and passwords, many of which have been expired for some time now. Dropbox instead shifts the blame to users and third parties, stating that these usernames and passwords had unfortunately been stolen from other services and used in attempts to log in to Dropbox accounts.
Dropbox is at the centre of a leak scandal, following the release of 400 usernames and passwords by an anonymous user on Pastebin. The hacker claims the initial dump is just a portion of the 6,937,081 Dropbox accounts he claims to have compromised.
He then requested Bitcoins in payment before he would allow access to more accounts. Dropbox said the service had not been hacked and these passwords were expired. At the time of writing, when entering the leaked usernames and passwords into Dropbox, the service prompts the user to reset their password by sending an email to the registered address.
NSA whistleblower Edward Snowden dropped his two cents on file storage security in an interview with The Guardian on Thursday.
He thinks Dropbox, the cloud storage firm with over 200 million users, is “hostile to privacy,” and urged people to switch to what he calls more-secure storage services like SpiderOak. “Dropbox is a targeted wannabe PRISM partner,” Snowden told The Guardian. “They just put Condoleezza Rice on their board, who is probably the most anti-privacy official you can imagine … So they’re very hostile to privacy.” Snowden said that a company like SpiderOak is better because it offers “zero knowledge,” a term used to describe services that have zero access to the data they are storing on their servers.
File sharing service Dropbox has been under attack by internet users this weekend after its appointment of Condoleezza Rice, the former Secretary of State to George W. Bush, to its board of directors.
However, privacy and civil liberties groups have responded by calling on users to boycott Dropbox until the company removes Rice.
They stress that their objection isn’t political and that “there is no doubt that Condoleezza Rice is an extremely brilliant and accomplished individual”. Instead they stress four main points of objection: that Rice was one of the main architects of the Iraq War.
According to the service's management, they needed a person with experience in international affairs in order to resolve problems in foreign countries where the service is forbidden (for example, in China).
There are 3 interesting things:
First, most of us remember well how Rice can solve the problem. Secondly, her firm RiceHadleyGates has long been a Dropbox advisor, and thirdly, we can recall the recent story about how Dropbox did not let a user share a pirated movie file, in some sly way determining that it was pirated, while solemnly assuring that Dropbox does not touch files (it actually does, but it seems only public ones and by comparing hashes, but that's another topic).
Late last night, a tweet was spread far and wide showing that a DMCA notice had blocked a file from being shared on a Dropbox user’s account. As of this afternoon, it’s seen just shy of 3 thousand retweets.
What was going on? Was Dropbox suddenly doing something sketchy? Were they suddenly lurking around their users’ folders, digging for copyrighted material hiding amongst personal files?
The system is neither new, nor sketchy. It’s been in place for years, and it’s about as unsketchy as an anti-copyright infringement system can get. It allows Dropbox to block pre-selected files from being shared from person-to-person (thus keeping Dropbox from getting raided by the Feds), without their anti-infringement system having any idea what most of your files actually are.