While setting up Data Leakage Protection Endpoint in a production environment, security specialist Mekin Pensen discovered that Dropbox touches way more files than it should. In his test, he installed Dropbox on the C: partition of his Windows computer and opted in to selective sync, which states that only certain folders will be synced.
But if that’s not already enough, he noticed network activity to a Dropbox address at the same time. Well, if you don’t call this suspicious…
I think it’s time to clarify what’s going on here, Dropbox. It’s not only super suspicious, but also unacceptable that you’re touching files outside the directory we’ve chosen for you. Even though this is bad, at least Dropbox doesn’t attempt to snoop through files on other partitions, according to Mekin.
It’s probably just the start, and more security researchers will focus on Dropbox now. We’ll update this article as soon as there is news.
Update 1 – 3rd March: Turns out that Dropbox might not be stealing your files. The access to other files might be related to the Explorer extension, which adds the menus to easily share all files. An official statement is yet to be released – at least for now, there is nothing to be found on the Dropbox blog.