No, Dropbox is not hacked
Due to a software error, Dropbox kept deleted files going back up to eight years on its servers, even though their owners had deleted them from their accounts. Users in the support forum were angry about the company's slow reaction.
Dropbox promises to delete users’ files at most 60 days after users remove them. However, an employee of the US storage service has now admitted that this did not happen for some files and folders because of “inconsistent metadata”.
Metadata is allegedly to blame
“Normally, we remove files and folders from our servers at the latest 60 days after a user has deleted them,” the Dropbox employee wrote in the company's support forum. According to the employee, however, the files and folders affected by the software error had “inconsistent metadata” and were therefore kept in a “quarantine” and excluded from the normal deletion process.
In attempting to solve the metadata issue, which had evidently been going on for years, employees of the storage service “accidentally restored the affected files and folders” and thus made them visible to the affected users again. “This was our mistake; it has nothing to do with a third party and we were not hacked,” Dropbox assured users one day after the problem first occurred. On how such a serious and apparently known software flaw could remain unsolved for years, the company did not say much.
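The failure mode described above, a purge job that skips quarantined records so that nothing ever enforces the 60-day deadline on them, can be caught by an audit that ignores the quarantine state. The following is an added example, not Dropbox's code; the record schema, function names and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

RETENTION = timedelta(days=60)  # purge deadline stated in the article

@dataclass
class FileRecord:                    # hypothetical schema, not Dropbox's
    path: str
    deleted_at: Optional[datetime]   # None means the file is live
    quarantined: bool = False        # set when metadata fails validation
    blob_present: bool = True        # content still stored server-side

def purge_job(records, now):
    """Normal deletion process: quarantined records are excluded from it."""
    for r in records:
        if r.deleted_at is None or r.quarantined:
            continue
        if now - r.deleted_at >= RETENTION:
            r.blob_present = False

def retention_audit(records, now):
    """Independent check: a deleted record whose content outlives the deadline
    is a violation, whatever state the purge job believes it is in."""
    overdue = []
    for r in records:
        if r.deleted_at is None or not r.blob_present:
            continue
        age = now - r.deleted_at
        if age >= RETENTION:
            overdue.append((r.path, (age - RETENTION).days, r.quarantined))
    return sorted(overdue, key=lambda v: -v[1])  # worst offenders first

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def demo():
    now = utc(2017, 1, 1)  # constructed audit date
    records = [            # constructed sample data
        FileRecord("photos/2009", utc(2009, 6, 1), quarantined=True),
        FileRecord("docs/old.txt", utc(2016, 9, 1)),
        FileRecord("notes/draft.md", utc(2016, 12, 15)),
        FileRecord("live/report.pdf", None),
    ]
    purge_job(records, now)
    return records, retention_audit(records, now)

if __name__ == "__main__":
    for path, days, quarantined in demo()[1]:
        print(f"{path}: {days} days past deadline, quarantined={quarantined}")
```

Running the audit on a schedule and alerting on any non-empty result turns a silent exclusion from the deletion process into a visible backlog.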
Users had previously reported that gigabytes of old files, which they had deleted years ago, had been restored in their Dropbox accounts. “Multiple folders from 2009-2011, deleted years ago, suddenly reappeared overnight,” wrote a user in the Dropbox forum. Another added: “The whole thing has just forced my server to upload 4 gigabytes of unnecessary / obsolete files without reason. I’m seriously disappointed.”
Some of those affected were also annoyed that Dropbox needed a whole day to respond to users’ questions. “This was a big blow to the loyalty of Dropbox customers (…). The least that Dropbox would have to do is to calm down users as quickly as possible and say that it is not a hack.”
Privacy guidelines allow for extensive storage
Dropbox does help users to remove deleted data, but with two major limitations: “(1) There may be some time between deleting from their own servers and from users’ backups, and (2) To comply with their legal obligations, they need to settle disputes and to implement their contracts.” In this case, though, “some time” may mean several years for Dropbox.
Encryption can provide protection
Effective protection against such incidents is offered not only by the more expensive option of self-hosting – for example, with ownCloud or Nextcloud – but also by transparent encryption of the files. Free tools such as Cryptomator or the TrueCrypt successor VeraCrypt encrypt all personal data locally on the PC or smartphone before it is uploaded to the servers of the US storage service.