A report generated by Intralinks (a competitor of Dropbox) said that sensitive files are being leaked by the users themselves. This is done by sending hyper-links to other users who can then pass that link onto someone else who may not be an intended recipient.
Dropbox have acknowledged the issue and have temporarily suspended access to links that have previously been shared. The online data storage company have implemented a patch to prevent shared links from being exposed in the future but have said “we’re working to restore links that aren’t susceptible to this vulnerability over the next few days.” The company also went on to say “we realise that many of your workflows depend on shared links, and we apologise for the inconvenience. We’ll continue working hard to make sure your stuff is safe and keep you updated on any new developments.”
Graham Cluley an online security blogger has said “identity thieves could use the method to scoop up data” and that he believes “these services need to be more upfront with warnings.”
Another way users may unintentionally be sharing their data is through hyper-inks. Many Dropbox users access their data by receiving a Dropbox based hyper-link which directs them to an online stored document. These hyperlinks are generated to be completely random and are filled with an assortment of characters and numbers that would be very difficult to guess.
The issue occurs when the Dropbox user then inputs the link into Google’s toolbar which in turn, searches for the link. Google then remembers this link and relates it to anyone searching for Dropbox related products; so when someone Googles Dropbox, they will be presented with ‘related’ links that may actually be hyper-links to random users documents.
Intralink’s chief technology officer Richard Anstey said: “most internet users have, at one time or another, accidentally pasted a link into the search bar of their favourite search engine whilst intending to paste it into the internet address bar – it’s an easy mistake to make.”