Is Dropbox Safe? Security Review
3/5
Overall Safety Score
★
★
★
★
★
Verdict: Dropbox provides adequate security for general file storage but is not zero-knowledge encrypted, meaning Dropbox employees and law enforcement can access your files. Past breaches add to the concern. For sensitive files, use client-side encryption.
Dropbox is a cloud storage and collaboration platform used by over 700 million registered users. It encrypts files at rest and in transit but does not offer zero-knowledge encryption, meaning Dropbox can access your files.
Security Ratings Breakdown
| Category | Score | Rating |
|---|---|---|
| Encryption | 3/5 | |
| Privacy | 3/5 | |
| Track Record | 2/5 |
Security Features
- AES-256 encryption at rest
- TLS/SSL encryption in transit
- Two-factor authentication
- Remote device wipe
- Sharing permissions and link controls
- Version history and file recovery
Privacy Concerns
- Not zero-knowledge encrypted (Dropbox holds encryption keys and can access your files)
- Files can be provided to law enforcement with a warrant
- Condoleezza Rice's appointment to the board raised surveillance concerns
- Third-party app integrations can access files
Past Security Incidents
- 2012 breach exposed 68 million user email addresses and hashed passwords (full scope revealed in 2016)
- 2022 phishing attack on Dropbox employees exposed 130 private GitHub repositories containing API credentials and user data
- 2024 breach of Dropbox Sign (eSignature) exposed customer data including emails, names, and hashed passwords
How to Stay Safe Using Dropbox
- Enable two-factor authentication
- Use client-side encryption (Cryptomator, Boxcryptor) for sensitive files
- Review shared links and permissions regularly
- Monitor connected third-party apps
- Don't store highly sensitive unencrypted data
Safer Alternatives
- Proton Drive (zero-knowledge encrypted)
- Tresorit (end-to-end encrypted)
- Google Drive (similar security, different ecosystem)
Last updated: February 10, 2026