Dropbox Breach Underscores File Sharing Security Concerns
By Chip Wilcox
Since its inception in 2007, Dropbox has been one of the most successful file sharing applications in the business world. The application has empowered millions of users to easily communicate and collaborate seamlessly across devices and platforms.
The credibility of such file sharing services took a hit in September of 2016 when it was announced that the widely popular Dropbox had been hacked. The data breach in question actually took place in 2012. Dropbox officials made an announcement at the time, informing users that their passwords had been reset. But this latest announcement comes as Dropbox is now realizing how significant the data breach actually was.
While Dropbox representatives did act quickly and responsibly in handling the issue, not all of the potential damage can be undone.
Hackers were able to lift the user credentials — email addresses and encrypted passwords — of 68 million users. And now those credentials are being sold off on the darknet for only two bitcoins, roughly $1,141. Not only can this data be leveraged to provide cover for individuals looking to traffic illegal goods, but if any of the passwords are discovered, users’ proprietary data itself may become exposed.
It Isn’t Just About Dropbox.
This data breach isn’t just about Dropbox. In fact, it underscores the security flaws inherent with all file sharing applications. As such, it has become abundantly clear that for any individual concerned about the privacy of their data, the time has come to seek a more secure solution.
If you do not want to risk your data being stolen but need a reliable file sharing service, it would be wise to leverage WebRTC instead of file sharing services. WebRTC uses the DTLS method to provide end-to-end encryption directly between users on nearly any server. For IP communications, WebRTC encrypts data via the SRTP method. This ensures that your traffic cannot be accessed by unauthorized parties.
Who’s Already Using WebRTC for File Sharing?
Check out applications like ShareDrop or FotoSwipe, which are already using WebRTC to make peer-to-peer file sharing a reality. FotoSwipe, for example, says their users love the service because they can move massive numbers of large files between users much more quickly than typical photo-sharing services.
Even better, though, you can embed WebRTC capabilities directly within your website or mobile applications. If you build the capabilities directly into your application, you further mitigate the potential for a breach because your users can perform all the actions they need to directly in your application, which limits the number of other opportunities bad actors might have to disintermediate or hijack your users and your or their data.
Even if you don’t think you have the time or people to dedicate to building and supporting a WebRTC service, Platform-as-a-Service providers like Temasys can help. They focus on making the technology accessible to developers of all stripes, and can help speed time to market and ensure reliability and scalability, in addition to security of your services. Have we piqued your interest? We’d love to hear from you!