Dropbox – the cloud storage supplier – has been hacked. To be more precise, it’s just been reported that up to 68 million usernames and passwords were stolen back in 2012. Now, that’s a statement which probably bemuses the reader on two points: firstly, the scale of the breach, and secondly, the speed of the news – that’s 4 years ago. In fairness, the company made it known that they had been compromised in 2012, but the size of the incident had apparently been underestimated.
It’s said that Dropbox was completely unaware of the full extent of the attack, which leaves me in a state of flux – exasperated by their state of oblivion, while being gently encouraged by the fact that nothing has changed. As a Dropbox user (Darn, have I compromised myself?), I read the story with an air of resignation in light of the increasing regularity of such breaches – not just at Dropbox, I hasten to add. However, therein lies the nub of the issue – my lethargic response, which is no doubt shared by others, is indicative of the consumer mindset that these attacks are a corporate problem and consequently need corporate solutions. Not so: as corporate stakeholders, we are all part of the problem and the solution. Specifically, the public’s attitude towards passwords is casual at best, with our encryption bordering on an ‘open door’ policy – Pass 1234 anyone?
Hack fatigue would appear to be setting in among the public, leaving them perilously indifferent to the issue. So what to do? Entering into the spirit of Sydney’s Festival of Dangerous Ideas, maybe we need the castle defences to be brought down occasionally to best appreciate our enemy’s strengths, and give priority to investing in bigger and better walls. Only when we have a full grasp of the impact will we recognise the threat.