Can the cloud be hacked?

Many of us use the cloud on a daily basis, sometimes without even realizing it. Backing up photos from your phone, sharing files with friends, and working on shared documents are all examples of cloud computing. While the cloud has revolutionized the way we store and share data, it’s important to acknowledge that it is as vulnerable to hacking attempts as any other online service.

In this article, we explain how the cloud can be hacked and what you can do to keep your data safe. 

What is the cloud?

The cloud refers to a network of remote servers hosted on the internet that you can use to store and access data and applications. Instead of storing data on physical storage devices (such as hard drives), you can store it in the cloud, making it accessible from any device with an internet connection.

Cloud storage is just one example of how the cloud is used. Chances are you’ve also used cloud-powered services in the following contexts:

  • Email services (Proton Mail and Gmail) 
  • Online collaboration tools (Google Docs, Microsoft 365)
  • Video conferencing software (Zoom, Skype)
  • Social media platforms (Facebook, Twitter)
  • Cloud computing platforms (Amazon Web Services, Microsoft Azure)

For businesses, cloud computing offers many benefits. It allows companies to scale IT resources up or down as needed, based on real-time demands. Compared to traditional computing platforms, cloud computing also lets businesses avoid upfront capital expenses associated with purchasing and maintaining physical servers and other networking equipment.

Can the cloud be hacked?

The short answer is yes, the cloud can be hacked. Although many cloud service providers take extensive security measures to protect your data, no system is completely foolproof. Ultimately, your data’s security relies upon the type of encryption used by your cloud service provider. 

How can the cloud be hacked? 

Weak and reused passwords

Exploiting a weak or reused password is one of the most common ways attackers can hack your cloud storage account. Through brute force attacks, an attacker can easily gain unauthorized access to your account and steal your data. Even strong passwords can be undermined if you reuse them on multiple accounts. If any of those services suffers a data breach, it will expose your password, making every account where you used that password vulnerable.

Attackers might also try to steal your password using phishing scams that try to trick you into revealing your login credentials through deceptive emails or websites.

Data breaches 

While most cloud providers prioritize security and invest significantly in protecting their infrastructure, data breaches still occur. In 2022, FlexBooker, a digital scheduling platform, suffered a data breach that compromised 3.7 million user accounts. Attackers hacked the platform’s cloud servers and stole sensitive user information, including full names, email addresses, and phone numbers. The compromised data ended up being sold on hacker forums.

Social engineering attacks

Cloud providers can also experience data breaches through social engineering attacks. Hackers target the “human loophole” and manipulate company employees into divulging private information to gain access to sensitive information and systems. 

In November 2022, popular cloud storage provider Dropbox became a victim of a data breach. An attacker accessed a Dropbox developer’s GitHub account after the developer fell victim to a phishing attack, and stole 130 internal code repositories. The breach included a few thousand names and email addresses belonging to Dropbox employees, current and past Dropbox customers, sales leads, and vendors.

Third-party vulnerabilities

Cloud providers sometimes work with third-party vendors like content delivery networks and domain name system services to provide a more comprehensive cloud solution. Vulnerabilities in these third-party services, such as software flaws or server misconfigurations, could lead to your data in the cloud being exposed and stolen.

How to protect yourself from cloud hacking

Protecting yourself from cloud hacking involves using strong encryption and following cybersecurity guidelines. Here are some steps you can take to safeguard your data.

Choose end-to-end encrypted cloud storage

Most cloud providers use industry-standard security measures, such as TLS and AES-256, to protect your online accounts, but they aren’t adequate. That’s because the most robust form of security is achieved through end-to-end encryption (E2EE), which ensures your data is protected at the highest level. 

Unlike other encryption methods that only encrypt data in transit or at rest, E2EE encrypts your data at all stages, including when it’s being sent, received, and stored. Only you have the private key needed to decrypt the file, meaning nobody can access it without your permission. This means that even if an E2EE cloud service were breached, the hackers would not be able to access your files unless they also got access to your device. If privacy and security are your top concern, you should choose an E2EE cloud provider like Proton Drive.

Use a strong password

A strong password is your first line of defense against unauthorized access to your cloud account, making it harder for hackers to guess or crack your password. If you’re struggling to create and remember strong passwords, use an open-source password manager. A password manager generates and stores your login credentials for your online accounts, and all you need to do is remember the master password that unlocks your password manager. 

Protect yourself from phishing attacks

Phishing attacks come in various forms, but the most common is email phishing. Phishing emails appear to come from a legitimate source (for example, your cloud provider) but are in fact a ruse designed to trick you into revealing sensitive information. If you receive a suspicious email or an email from an unknown sender, don’t respond and report it to your email provider immediately. 

Enable two-factor authentication 

Enabling two-factor authentication (2FA) adds an extra layer of security to your cloud account. As the name suggests, 2FA works by requiring a second form of identification, such as a fingerprint or a faceprint, during the sign-in process. The most secure form of 2FA is security keys. Unlike traditional 2FA methods, security keys aren’t time-sensitive and don’t require a connection to the internet. 

Update software regularly 

Ensure that all software and applications you use in the cloud are regularly updated with the latest security patches and updates. This not only includes the operating systems and software on your local devices, but also any software or applications used by your cloud service provider.

Protect your files with Proton Drive

Choosing an E2EE cloud provider is the most important step you can take toward ensuring your files’ security. Even if you use a strong password, turn on 2FA, keep your software up to date, and stay on guard for phishing attacks, you’re entrusting your files to your cloud provider. If its security is compromised, then your files are at risk, even if you’ve taken all the other precautions listed above. 

With Proton Drive, all your data is automatically encrypted on your device before being uploaded to the cloud. Only you have access to the private key that decrypts the data, so no one else can see your files without your consent. Even if our servers were hacked, your encrypted data would remain inaccessible since hackers do not have your private key. 

Proton Drive also lets you:

We don’t just encrypt the content of your files — we also encrypt their metadata, including the names of files and folders, file extensions, file sizes, and more. Each file also has its own cryptographic signature that proves it hasn’t been tampered with by outside parties. Signing up for Proton Drive is free and gives you 1 GB of storage. All the encryption happens behind the scenes, so all you need to do is upload your file. If you’d like to support our mission of building a better, more private internet, consider upgrading to a paid account.
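
The client-side encryption described in this section and under "Choose end-to-end encrypted cloud storage" can be sketched as follows. This is an added example, not Proton Drive's code or file format: it uses Node.js's built-in crypto module, and the function names, record layout, and sample file are constructed for illustration. It covers file names and content only.

```javascript
const crypto = require('node:crypto');

// Keys are generated and kept on the user's device; the server never sees them.
function newClientKeys() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { encKey: crypto.randomBytes(32), publicKey, privateKey };
}

// AES-256-GCM; output layout (constructed): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or any byte was altered.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Fixed-length hashes of both fields, so the signed bytes are unambiguous.
const signedBytes = (rec) => Buffer.concat([rec.encName, rec.encContent].map(
  (b) => crypto.createHash('sha256').update(b).digest()));

// What leaves the device: encrypted name, encrypted content, Ed25519 signature.
function encryptForUpload(keys, name, content) {
  const rec = { encName: seal(keys.encKey, Buffer.from(name, 'utf8')),
                encContent: seal(keys.encKey, content) };
  rec.signature = crypto.sign(null, signedBytes(rec), keys.privateKey);
  return rec;
}

// Back on the device: check the signature first, then decrypt.
function decryptDownload(keys, rec) {
  if (!crypto.verify(null, signedBytes(rec), keys.publicKey, rec.signature)) {
    throw new Error('signature check failed: record was modified');
  }
  return { name: unseal(keys.encKey, rec.encName).toString('utf8'),
           content: unseal(keys.encKey, rec.encContent) };
}

// Constructed sample; `server` stands in for the provider's storage.
const keys = newClientKeys();
const server = [encryptForUpload(keys, 'tax-return-2023.pdf', Buffer.from('constructed sample bytes'))];
console.log(server[0].encName.toString('hex')); // all that a breach of the server exposes
console.log(decryptDownload(keys, server[0]).name);
```

The ciphertext length still reveals the approximate file size, so hiding sizes, as the article says Proton Drive does, would need additional measures that this sketch leaves out.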

Lisa Whelan

Lisa is an activist, writer, and internet privacy advocate. A defender of the right to privacy for people everywhere, Lisa joined Proton to spread awareness and further enable freedom online.
