The following question is excerpted from Dropbox In 30 Minutes -- Chapter 5: The Rogue FAQ.
How secure is Dropbox?
This can be an uncomfortable question for Dropbox users who save sensitive files or other valuable data in their accounts. Think of business plans, legal documents, financial projections and, er, personal photos that you wouldn’t want to fall into unfriendly hands. This data is stored in “the cloud” — remote Internet servers that neither you nor Dropbox fully controls.
While Dropbox goes to great lengths to reassure users that it takes security seriously (the company says it uses technologies like Secure Sockets Layer and heavy-duty encryption, and claims employees are prohibited from viewing the content of users’ files), there have been security incidents, including a bug that briefly allowed any Dropbox account to be accessed without a password in June 2011. The company quickly fixed the problem and claims additional safeguards were put in place. Nevertheless, there is no guarantee that some other bug, error, or hack will not expose Dropbox user data in the future.
In addition, Dropbox users themselves may be the source of problems. If you are sharing a folder with 100 users, a couple of them are bound to be using easily guessed passwords to guard their accounts (the names of pets or first-born children, “password”, etc.). Sharing links can also lead to problems, if the wrong link is shared or someone posts the link online or in some other public forum.
Despite these issues, millions of people use Dropbox every day. They’re aware that there’s a risk, but are basically making a tradeoff. They are putting more value on the convenience of accessing and sharing files over the Internet for free (or for a low cost), and discounting the chances that the data may be lost, stolen, or exposed.
As I said earlier, it’s an uncomfortable feeling for some people. If it’s too much for you, don’t use Dropbox — or only use it for non-sensitive data.