Dropbox's multiple security problems


Researchers have uncovered at least three different ways to gain unauthorized access to data stored with popular cloud-storage provider Dropbox.

Presenting their work at the 20th USENIX Security Symposium held last week, the researchers from Austria-based SBA Research claimed to have developed the exploits last year. However, the security research firm decided to give Dropbox time to fix the problems prior to making them public knowledge.

As reported on Network World, one of the methods entails spoofing file hashes to trick Dropbox into granting access to "arbitrary pieces of other customers' data." Indeed, the cloud-based nature of Dropbox means that users won't even know that their data has been downloaded. The second technique involves stealing a victim's Dropbox host ID; when inserted into a fresh install, this essentially allows a perpetrator to download all the files belonging to their victim.

This appears to be the same security flaw that security researcher Derek Newton independently uncovered when he openly questioned Dropbox's design in April.

The final flaw allows Dropbox users to "request file chunks via SSL at a certain URL" simply by knowing the hash value of a chunk and presenting any valid host ID. This could be harnessed in a number of ways, say the researchers, including clandestinely moving files out of corporate networks by obtaining nothing more than the hash value.
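As an added illustration (not taken from the article or the SBA Research paper, and not a model of Dropbox's real protocol), the toy Python server below shows why a chunk fetch gated only on a known hash hands out other users' data, and how one standard mitigation, a server challenge that can only be answered by a client holding the full chunk bytes, closes that path while still deduplicating for genuine holders. Class and function names, the nonce size and the sample chunk are all constructed for the example.

```python
import hashlib
import hmac
import os


class DedupServer:
    def __init__(self):
        self.chunks = {}  # digest -> chunk bytes, stored once
        self.owners = {}  # digest -> accounts allowed to download it

    def upload(self, account, chunk):
        digest = hashlib.sha256(chunk).hexdigest()
        self.chunks[digest] = chunk
        self.owners.setdefault(digest, set()).add(account)
        return digest

    def claim_by_hash(self, account, digest):
        # Weak dedup: presenting a known hash is enough to be granted the chunk.
        if digest in self.chunks:
            self.owners[digest].add(account)
        return digest in self.chunks

    def challenge(self, digest):
        # Hardened dedup, step 1: fresh nonce the client must bind to the chunk bytes.
        return os.urandom(16) if digest in self.chunks else None

    def claim_with_proof(self, account, digest, nonce, proof):
        # Hardened dedup, step 2: grant only if the client could compute HMAC(nonce, chunk).
        chunk = self.chunks.get(digest)
        if chunk is None or not hmac.compare_digest(client_proof(nonce, chunk), proof):
            return False
        self.owners[digest].add(account)
        return True

    def download(self, account, digest):
        return self.chunks[digest] if account in self.owners.get(digest, set()) else None


def client_proof(nonce, chunk):
    # Client side: proves possession of the whole chunk, not merely knowledge of its hash.
    return hmac.new(nonce, chunk, hashlib.sha256).digest()


def demo():
    server = DedupServer()
    secret = b"constructed sample chunk: quarterly payroll export"  # not real data
    digest = server.upload("victim", secret)
    weak_leak = server.claim_by_hash("other", digest) and server.download("other", digest) == secret
    nonce = server.challenge(digest)  # a hash-only holder cannot answer the challenge
    blocked = not server.claim_with_proof("other2", digest, nonce, client_proof(nonce, b"guess"))
    nonce = server.challenge(digest)  # a genuine second holder of the file still dedups
    legit = server.claim_with_proof("colleague", digest, nonce, client_proof(nonce, secret))
    return weak_leak, blocked, legit
```

`demo()` returns `(True, True, True)`: the hash-only claim leaks the chunk, the same claim fails against the proof-of-possession check, and a real holder of the file is still deduplicated.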

While the flaws have since been fixed, do the latest revelations have any bearing on the storing of your business or personal files on Dropbox, or on any cloud storage provider for that matter?

For more:
- check out this article at Network World
- check out this article at CRN
