Leaky Dropbox Links [Link]

May 07, 2014 by Gabe

From the Graham Cluley blog:

In one short and entirely innocently designed ad campaign alone, we found that about 5 per cent of hits represented full links to shared files, half of which required no password to download. This amounted to over 300 documents from a small campaign, including several tax returns, a mortgage application, bank information and personal photos. In one case, corporate information including a business plan was uncovered. We also found evidence that many people are mingling their personal and professional files, potentially presenting privacy and security concerns for organisations.

I guess this is something that is poorly understood. Shared links are not private; they are just hard for a human to guess. Any sensitive information I store on any cloud service (and usually on my own computer) is stored in an encrypted disk image. There are secure ways to share a Dropbox link with an accountant, but they all involve an extra step to encrypt the content.

By way of @korzdorfer