It seems as though a new service is being breached every week. The iCloud hack leaked a ton of information that compromised the sanctity and privacy of celebrities. Only a little while later, Dropbox ended up in the news over rumors and allegations of a breach of its services that revealed 7 million account credentials, all of which were posted on Pastebin.
Both Dropbox and a couple of news organizations that were a little more prudent with their research on the subject have confirmed that the service itself wasn’t hacked. Their assertion is that the accounts revealed there were either expired or not found in Dropbox’s database at all. The fact that the accounts were being sold suggests that the seller was simply scamming others for a buck or two.
So, with such an anticlimactic ending, why are we still reporting on this? In other words, why should we be worried?
According to Dropbox, “the usernames and passwords referenced in these articles were stolen from unrelated services”. That means someone could still be in danger of falling victim to intrusion on their Dropbox account if two conditions are met:
- The person has a Dropbox account with the same email as the one that appears on the list.
- The person uses the same password across multiple services, including Dropbox.
Hackers employ very simple methods of compiling a narrower list of people who meet these criteria. When they do, they have a little party at your expense. I want to make it clear that Dropbox isn’t completely responsible in this case, since the company did not experience any breach as a result of a failure to secure its own accounts. Still, users who expose themselves in this way could do something to prevent breaches of their personal accounts.
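The two conditions above can also be checked from the service operator's side: test each leaked pair against the service's own salted password hashes and flag the matching accounts for a forced reset. This is an added example, not code from Dropbox or PerfectCloud; the record layout, PBKDF2 parameters, function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier from a password and a per-account salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(email: str, password: str) -> dict:
    """Build a hypothetical account record: only salt and hash are stored."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt,
            "hash": hash_password(password, salt)}


def find_exposed_accounts(accounts, leaked_pairs):
    """Return emails whose *current* password matches a leaked pair."""
    by_email = {a["email"]: a for a in accounts}
    exposed = set()
    for email, leaked_pw in leaked_pairs:
        acct = by_email.get(email.strip().lower())
        if acct is None:
            continue  # condition 1 fails: no account under that email
        candidate = hash_password(leaked_pw, acct["salt"])
        # constant-time comparison of the derived hash with the stored one
        if hmac.compare_digest(candidate, acct["hash"]):
            exposed.add(acct["email"])  # both conditions hold: password reused
    return sorted(exposed)


# Constructed sample data (not real accounts or real leaked credentials).
ACCOUNTS = [
    make_account("alice@example.com", "correct horse battery"),
    make_account("bob@example.com", "Summer2014!"),
    make_account("carol@example.com", "x9$Lq2#unique"),
]
LEAKED = [
    ("Bob@example.com", "Summer2014!"),     # on the list, password reused
    ("carol@example.com", "oldpassword1"),  # on the list, different password
    ("dave@example.com", "hunter2"),        # not an account on this service
]

if __name__ == "__main__":
    for email in find_exposed_accounts(ACCOUNTS, LEAKED):
        print("force password reset:", email)
```

Only the account that satisfies both conditions is flagged; an email that appears on the list with a password not used on this service is left alone.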
Protecting Your Account
First of all, SmartSignin is PerfectCloud’s way of doing away with passwords. With our software, you just click once on an icon and you’re automatically logged in to a service. This is all safeguarded by a special encryption algorithm that allows you to set its key so that no one else is in control of your account credentials anywhere.
So, let’s say that you want to sign in to Dropbox from SmartSignin. First, you log in to SmartSignin using your username, your password, and the key you have created. Your computer sends your username and password to SmartSignin for authentication and you’re logged in. The key remains in your possession and isn’t transferred to our servers. Assuming you have your Dropbox account linked to SmartSignin, you can just click on the Dropbox icon! From there, the plugin on your computer decrypts the garbled-up data we send it that represents your username and password on Dropbox and logs you in to the service!
You can do this with as many services as you wish, creating icons for each one and logging yourself in automatically without compromising your security.
OK, so we made it harder for hackers to get into your account and made it more convenient for you. That’s awesome, but there’s something missing: You’re using a cloud storage service without actually securing your data.
Locking Up Your Data
With SmartSignin, you can give your account a strong password. But what if something beyond your control happens, like the service in which the account is registered experiencing a database breach? For the places where you store confidential data, this can be extremely disconcerting.
This is why we came up with another solution called SmartCryptor, which allows you to fully encrypt your files using the same technique as you would in SmartSignin. Although your cloud storage provider (hopefully) encrypts all of your data, that encryption could be broken if a hacker gets his hands on the cryptographic key. What you need is another layer of encryption on top of that; one which, preferably, doesn’t involve a key that you don’t control.
In such a case, if someone gets into your cloud account and manages to decrypt the data you have stored, all he will see is gibberish. There’s still another layer sitting there, one that’s impossible to just peel off.
Together, SmartSignin and SmartCryptor provide a very hermetically-sealed security structure. In combination, both services are difficult, if not impossible, to break down, and they present a mind-blowingly valuable service for next to nothing on your part!