Is Dropbox Safe?
Laura Martisiute
If you use or plan to use Dropbox, you need to know: Is Dropbox safe?
Below, we explain whether Dropbox is:
- Safe to use.
- Good for privacy.
We also look at some steps you can take to improve both your safety and privacy when using this online service.
What Is Dropbox?
Dropbox is a cloud-based file storage and synchronization service that allows users to store and share files and folders online.
By uploading files to the Dropbox cloud, users can free up space on their local devices. Files stored in Dropbox can be accessed from any device with an internet connection, including computers, smartphones, and tablets.
Dropbox syncs files, meaning changes made to files in the Dropbox folder on one device are automatically synchronized across all devices linked to the same account. Users can access files offline, and any changes made will sync when the device is back online.
Once files are uploaded, users can share files or folders with others by creating shareable links, allowing others to view or download the content. Multiple users can collaborate on files within shared folders, with changes visible to all participants.
Is Dropbox Safe?
Dropbox doesn’t have the best track record when it comes to safety.
Dropbox experienced several breaches throughout the years, including:
- A breach in 2012 that compromised millions of user passwords (and which happened because a Dropbox employee reused a password on LinkedIn – something that did not come to light until a few years later).
- A breach in 2022 that compromised Dropbox eSignature Service customers.
- A breach in 2024 that affected its Dropbox Sign (previously HelloSign) service. The breach revealed Dropbox Sign customer data, including emails, usernames, phone numbers, and hashed passwords. Additionally, individuals who received or signed a document via Dropbox Sign without creating an account had their names and email addresses exposed.
In 2017, Dropbox made headlines for a bug that retained users’ deleted files on its servers for six years. A bug in 2011 meant anyone could log into someone else’s Dropbox account just with their email address (however, Dropbox was very quick to fix this issue).
One user has also written a blog post about how a Dropbox bug permanently deleted 8,000 of their photos.
Dropbox offers security features like encryption, two-factor authentication, and permissions-based access. This means that users can set permissions on a case-by-case basis, controlling who can view, edit, or comment on the content. They can also remote wipe their devices to ensure no one can access their files.
Additionally, users receive notifications of suspicious activity or new device logins, which helps identify unauthorized access attempts.
The service complies with various industry standards and regulations, such as GDPR, HIPAA (for Business plans), and SOC 2/3 reports.
Users should be wary of Dropbox email scams.
Is Dropbox safe to download?
Yes, Dropbox is generally safe to download and use as long as you download it from the official website (www.dropbox.com) or trusted app stores like Google Play Store or Apple App Store.
Is Dropbox safe, according to Reddit?
Opinions on Dropbox’s safety on Reddit are mixed.
Some users have used Dropbox for years without any major issues, finding it reliable for file synchronization and sharing.
However, many users are concerned that Dropbox does not offer end-to-end encryption. This means that Dropbox can potentially access unencrypted data on its servers, raising privacy issues, especially for those storing sensitive information.
Several users have also reported that their accounts were disabled without notice or clear reasons, resulting in the loss of access to their files.
If you use Dropbox, make sure you follow security best practices. As one Redditor notes, “A lot of the ‘hacking’ that you hear about is just people whose personal security is poor.”
Is Dropbox safe to use?
Depends on your definition of “safe.”
Dropbox is widely used and offers security features like two-factor authentication.
However, while Dropbox encrypts your data in transit and at rest, it doesn’t offer end-to-end encryption. This means that Dropbox could potentially access your files if it wanted to for some reason.
Dropbox has also experienced security breaches in the past, including a significant breach in 2012 that compromised user credentials.
As with any software, there are potential vulnerabilities and bugs that could be exploited.
Is Dropbox safe for business?
Depends on your business.
Dropbox Business (their plan for businesses) offers additional security features, like advanced access controls, allowing administrators to manage permissions and monitor user activity.
As such, Dropbox for Business can be a safe and effective tool for many organizations, provided you take additional steps to secure sensitive data and ensure compliance with relevant regulations.
If your business handles highly sensitive data or requires stringent security and privacy controls, you may need to supplement Dropbox with additional security measures or consider alternative solutions that offer end-to-end encryption (Dropbox doesn’t provide end-to-end encryption) and enhanced compliance features.
Is Dropbox safe for lawyers?
There seems to be disagreement among lawyers about whether it’s safe to use Dropbox or not.
Perhaps one of the biggest concerns about using Dropbox as a lawyer is that it does not offer end-to-end encryption. This could be a security risk since lawyers handle highly sensitive and confidential information.
That said, human errors can also impact the security and privacy of data stored in Dropbox. For example, sharing files or folders with the wrong people or with permissions set too broadly can expose sensitive information. In 2023, an attorney “rummaged” through its litigation opponent’s Dropbox after a third-party vendor accidentally revealed the link in discovery.
There have also been cases where attackers impersonated lawyers in fake Dropbox file transfer notifications.
If you are going to use Dropbox in a professional capacity, it is advised to take precautions like:
- Additional encryption: Encrypt sensitive files using third-party encryption tools before uploading them to Dropbox.
- Data classification: Implement a data classification policy to ensure that only appropriate types of data are stored on Dropbox.
- Employee training: Educate all staff members on best practices for data security, including the importance of strong, unique passwords and recognizing phishing attempts.
- Compliance check: Ensure that Dropbox meets your jurisdiction’s regulatory requirements for data protection. If necessary, supplement Dropbox with additional security measures to achieve compliance.
- Client consent: Obtain client consent before storing their information on cloud services like Dropbox, and be transparent about how their data will be protected.
Is Dropbox safe for taxes?
Dropbox is safe for storing tax documents if you take additional precautions.
Dropbox doesn’t have end-to-end encryption, meaning that the company could potentially access your files.
For this reason, it is recommended that you encrypt your tax documents before uploading them to Dropbox. This ensures that your data remains protected even if Dropbox’s security is compromised.
Additionally, be careful with whom you share your tax documents and use Dropbox’s sharing settings to control access permissions. Set expiration dates and passwords for shared links.
Maintain additional backups of your tax documents on another secure platform or external storage device.
Is Dropbox safe for accountants?
Whether Dropbox is safe for accountants depends on how you use it.
If your files contain sensitive information, using Dropbox comes with the following concerns:
- Lack of end-to-end encryption: Dropbox does not offer end-to-end encryption, meaning Dropbox has access to the unencrypted data stored on its servers.
- Security risks: Past security breaches and potential vulnerabilities could expose sensitive financial information.
- Compliance: Dropbox may not meet all regulatory requirements for data protection in certain industries or jurisdictions.
That said, there are certain best practices accountants can take to improve the safety of Dropbox. These include:
- Encrypting sensitive financial documents with third-party encryption tools before uploading them to Dropbox.
- Using strong, unique passwords for encrypted files and sharing passwords through secure channels.
- Using strong, unique passwords for Dropbox accounts and considering using a password manager.
- Enabling 2FA on your Dropbox account to add an additional layer of security.
- Being cautious with sharing permissions and regularly reviewing and updating them.
- Setting expiration dates and passwords for shared links.
- Monitoring account activity to detect any unauthorized access or unusual behavior.
- Maintaining additional backups of critical financial documents on another secure platform or external storage device.
- Obtaining client consent before storing their financial information on Dropbox and being transparent about the security measures in place.
Is Dropbox safe, according to Quora?
The consensus on Quora is that Dropbox is as safe as any other online storage provider.
That said, many Quora users say they would not store sensitive files on Dropbox.
Is Dropbox Private?
No, Dropbox is generally not considered private.
You can see a list of historical controversies and criticisms of Dropbox here.
Among the incidents noted is that time Dropbox gave researchers access to data on thousands of academics using its service.
Although Dropbox said it anonymized the data before sharing it, experts noted that there was potentially enough information within the data to identify the individuals. According to Dropbox, the study and the sharing of data fell within the scope of their privacy policy.
In 2014, former government contractor and whistleblower Edward Snowden said Dropbox was “hostile to privacy” and a “wannabe PRISM partner.” Dropbox has denied participation in the surveillance program.
Also, while Dropbox uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between the user’s device and Dropbox servers and Advanced Encryption Standard (AES) 256-bit encryption for files at rest, it doesn’t use end-to-end encryption. This means that Dropbox could access users’ files if it wanted to.
In its privacy policy, Dropbox outlines that it collects users’ names, email addresses, phone numbers, payment information, and physical addresses. It also stores and transmits “Your Stuff,” contact information, usage information, and device information. Cookies and other tracking technologies are implemented for this purpose.
Dropbox’s privacy policy gets a “Grade D” from Terms of Service; Didn’t Read (ToS;DR), a project that rates internet services’ terms of service and privacy policies.
Among the issues flagged are that the service may collect, use, and share location data and that the service can share your personal information with third parties. Users also waive their right to a class action.
For comparison’s sake, the file hosting service Mega gets a “Grade C” from ToS;DR and Google Drive gets a “Grade E.” iCloud also gets a “Grade D.”
The Common Sense Privacy Program, which evaluates internet services’ privacy in relation to kids, gives Dropbox a score of 59% (out of 100%), which is a “Warning.” Basically, Dropbox does not meet the program’s recommendations for privacy and security practices.
How to Improve Your Safety and Privacy On Dropbox
For a safer and more private experience on Dropbox, follow these steps:
- Enable two-factor authentication (2FA). Go to your Dropbox account settings, find the Security tab, and enable 2FA. This will add an extra layer of security by requiring a second form of verification in addition to your password. You’ll need to link your phone number or use an authentication app.
- Use a strong, unique password. To reduce the risk of your account being hacked, use a mix of upper- and lowercase letters, numbers, and special characters. Consider using a password manager to generate and store complex passwords.
- Encrypt sensitive files before uploading. Use encryption tools to encrypt files before uploading them to Dropbox. This provides an additional layer of security by encrypting files with a password only you know.
- Review and manage app permissions. Go to the App integrations section of your Dropbox account settings and review the list of connected apps. Revoke access to any apps you no longer use or trust. This will help minimize the risk of third-party apps accessing your data.
- Be cautious with shared links. Shared links can be accessed by anyone who has the link, potentially exposing your files to unintended recipients. Set passwords and expiration dates for shared links. Only share links with trusted individuals and avoid posting them publicly.
- Monitor account activity. Regularly check the security settings for recent activity and active web sessions. Sign out of sessions you don’t recognize.
- Limit device access. Review the list of devices linked to your Dropbox account and unlink any devices you no longer use or recognize, thus lowering the risk of unauthorized access.
- Keep software updated. Regularly update your operating system, Dropbox application, and any security software you use.
- Use selective syncing. Go to the Dropbox preferences on your desktop app, select the Account tab, and choose which folders to sync to reduce the exposure of files on devices you use less frequently or in less secure environments.
- Be aware of metadata. Dropbox collects metadata about your files (e.g., file names, sizes, types) that could reveal information even if file contents are encrypted. Be mindful of the file names and types you store, and consider additional encryption for highly sensitive metadata.
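The "encrypt sensitive files before uploading" and "be aware of metadata" steps above can be combined, as in this added example (not code from this article or from Dropbox) written with Node.js's built-in crypto module. The `PRE1` container layout and the names `sealFile` and `openFile` are assumptions made for this example; the real file name is stored inside the ciphertext and the uploaded file gets a random name.

```javascript
const crypto = require('node:crypto');

// Hypothetical container layout: MAGIC(4) | salt(16) | nonce(12) | tag(16) | ciphertext
const MAGIC = Buffer.from('PRE1');
// scrypt cost; maxmem is raised because N=2^15, r=8 needs just over Node's 32 MiB default.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, SCRYPT);
}

// Encrypts locally and returns { name, blob } ready to be placed in the synced folder.
function sealFile(originalName, contents, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);          // fresh per file; never reused with a key
  const nameBytes = Buffer.from(originalName, 'utf8');
  const header = Buffer.alloc(2);
  header.writeUInt16BE(nameBytes.length);        // throws if the name exceeds 65535 bytes
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(MAGIC);                          // bind the format tag to the ciphertext
  const ct = Buffer.concat([
    cipher.update(Buffer.concat([header, nameBytes, contents])),
    cipher.final(),
  ]);
  const blob = Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), ct]);
  // Opaque upload name: the provider sees neither the real name nor the file type.
  return { name: crypto.randomBytes(16).toString('hex') + '.bin', blob };
}

// Reverses sealFile; throws on a wrong passphrase or a blob modified in storage.
function openFile(blob, passphrase) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a PRE1 blob');
  }
  const salt = blob.subarray(4, 20);
  const nonce = blob.subarray(20, 32);
  const tag = blob.subarray(32, 48);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]);
  const nameLen = pt.readUInt16BE(0);
  return {
    name: pt.subarray(2, 2 + nameLen).toString('utf8'),
    contents: pt.subarray(2 + nameLen),
  };
}
```

File size and upload time remain visible to the storage provider; only the contents and the name are hidden. Losing the passphrase makes the file unrecoverable, so it belongs in a password manager.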