Can the cloud be hacked?

Share this page

Many of us use the cloud on a daily basis, sometimes without even realizing it. Backing up photos from your phones, sharing files with friends, and working on shared documents are all examples of cloud computing. While the cloud has revolutionized the way we store and share data, it’s important to acknowledge that it is vulnerable to hacking attempts the same as any other online service. 

In this article, we explain how the cloud can be hacked and what you can do to keep your data safe. 

What is the cloud?

Can the cloud be hacked?

How can the cloud be hacked?

How to protect yourself from cloud hacking

Protect your files with Proton Drive

What is the cloud?

The cloud refers to a network of remote servers hosted on the internet that you can use to store and access data and applications. Instead of storing data on physical storage devices (such as hard drives), you can store it in the cloud, making it accessible from any device with an internet connection.

Cloud storage is just one example of how the cloud is used. Chances are you’ve also used cloud-powered services in the following contexts:

  • Email services (Proton Mail and Gmail) 
  • Online collaboration tools (Google Docs, Microsoft 365)
  • Video conferencing software (Zoom, Skype)
  • Social media platforms (Facebook, Twitter)
  • Cloud computing platforms (Amazon Web Services, Microsoft Azure)

For businesses, cloud computing offers many benefits. It allows companies to scale IT resources up or down as needed, based on real-time demands. Compared to traditional computing platforms, cloud computing also lets businesses avoid upfront capital expenses associated with purchasing and maintaining physical servers and other networking equipment.

Can the cloud be hacked?

The short answer is yes, the cloud can be hacked. Although many cloud service providers take extensive security measures to protect your data, no system is completely foolproof. Ultimately, your data’s security relies upon the type of encryption used by your cloud service provider. 

How can the cloud be hacked? 

Weak and reused passwords

Exploiting a weak or reused password is one of the most common ways attackers can hack your cloud storage account. Through brute force attacks, an attacker can easily gain unauthorized access to your account and steal your data. Even strong passwords can be undermined if you reuse them on multiple accounts. If any of those services suffer a data breach, it will expose your password, making every account where you used that password vulnerable. 

Attackers might also try to steal your password using phishing scams that try to trick you into revealing your login credentials through deceptive emails or websites.

Data breaches 

While most cloud providers prioritize security and invest significantly in protecting their infrastructure, data breaches still occur. In 2022, FlexBooker, a digital scheduling platform, suffered a data breach(new window) that compromised 3.7 million user accounts. Attackers hacked the platform’s cloud servers and stole sensitive user information, including full names, email addresses, and phone numbers. The compromised data ended up being sold on hacker forums. 

Social engineering attacks

Cloud providers can also experience data breaches through social engineering attacks. Hackers target the “human loophole” and manipulate company employees into divulging private information to gain access to sensitive information and systems. 

In November 2022, popular cloud storage provider Dropbox became a victim of a data breach(new window). An attacker accessed a Dropbox developer’s GitHub account after he fell victim to a phishing attack, stealing 130 internal code repositories. The breach included a few thousand names and email addresses belonging to Dropbox employees, current and past Dropbox customers, sales leads, and vendors.

Third-party vulnerabilities

Cloud providers sometimes work with third-party vendors like content delivery networks and domain name system services to provide a more comprehensive cloud solution. Vulnerabilities in these third-party services, such as software flaws or server misconfigurations, could lead to your data in the cloud being exposed and stolen.

How to protect yourself from cloud hacking

Protecting yourself from cloud hacking involves using strong encryption and following cybersecurity guidelines. Here are some steps you can take to safeguard your data.

Choose end-to-end encrypted cloud storage

Most cloud providers use industry-standard security measures, such as TLS and AES-256, to protect your online accounts, but they aren’t adequate. That’s because the most robust form of security is achieved through end-to-end encryption (E2EE), which ensures your data is protected at the highest level. 

Unlike other encryption methods that only encrypt data in transit or at rest, E2EE encrypts your data at all stages, including when it’s being sent, received, and stored. Only you have the private key needed to decrypt the file, meaning nobody can access it without your permission. This means that even if an E2EE cloud service was breached, the hackers would not be able to access your files unless they also got access to your device. If privacy and security are your top concern, you should choose an E2EE cloud provider like Proton Drive

Use a strong password

A strong password is your first line of defense against unauthorized access to your cloud account, making it harder for hackers to guess or crack your password. If you’re struggling to create and remember strong passwords, use an open-source password manager. A password manager generates and stores your login credentials for your online accounts, and all you need to do is remember the master password that unlocks your password manager. 

Protect yourself from phishing attacks

Phishing attacks come in various forms, but the most common is email phishing. Phishing emails appear to come from a legitimate source (for example, your cloud provider) but are in fact a ruse designed to trick you into revealing sensitive information. If you receive a suspicious email or an email from an unknown sender, don’t respond and report it to your email provider immediately. 

Enable two-factor authentication 

Enabling two-factor authentication (2FA) adds an extra layer of security to your cloud account. As the name suggests, 2FA works by requiring a second form of identification, such as a fingerprint or a faceprint, during the sign-in process. The most secure form of 2FA is security keys. Unlike traditional 2FA methods, security keys aren’t time-sensitive and don’t require a connection to the internet. 

Update software regularly 

Ensure that all software and applications you use in the cloud are regularly updated with the latest security patches and updates. This not only includes the operating systems and software on your local devices, but also any software or applications used by your cloud service provider.

Protect your files with Proton Drive

Choosing an E2EE cloud provider is the most important step you can take toward ensuring your files’ security. Even if you use a strong password, turn on 2FA, keep your software up to date, and stay on guard for phishing attacks, you’re entrusting your files to your cloud provider. If its security is compromised, then your files are at risk, even if you’ve taken all the other precautions listed above. 

With Proton Drive, all your data is automatically encrypted on your device before being uploaded to the cloud. Only you have access to the private key that decrypts the data, so no one else can see your files without your consent. Even if our servers were hacked, your encrypted data would remain inaccessible since hackers do not have your private key. 

Proton Drive also lets you:

We don’t just encrypt the content of your files — we also encrypt  their metadata, including the names of files and folders, file extensions, file sizes, and more. Each file also has its own cryptographic signature that proves it hasn’t been tampered with by outside parties. Signing up for a Proton Drive is free and gives you 1 GB of storage. All the encryption happens behind the scenes, so all you need to do is upload your file. If you’d like to support our mission of building a better, more private internet, consider upgrading to a paid account.

Protect your privacy with Proton
Create a free account

Share this page

Lisa Whelan

Lisa is an activist, writer, and internet privacy advocate. A defender of the right to privacy for people everywhere, Lisa joined Proton to spread awareness and further enable freedom online.

Related articles

Whether it’s personal documents such as your birth certificate or confidential business files like work contracts, we all have sensitive documents we need to store securely. With so many storage options available, it’s important to understand the dif
At Proton Mail, your security is our number one priority. Normally, this means protecting your inbox from unauthorized outside access. However, rather than trying to hack your software, phishing emails try to hack you. By spoofing emails from trusted
Learn all about email clients and why you might use one instead of webmail. If you’ve used an app like Gmail on your mobile phone or Outlook on your computer, you’ve used an email client. We explain how an email client works and the pros and cons of
No email service is completely anonymous. Learn how to send an email as anonymously as possible using private email, aliases, and a VPN or Tor. Do you need to send an email without revealing who you are? Unfortunately, you can’t just sign up for a f
Today, we’re introducing Proton Family, our all-in-one plan to protect your family’s privacy.  When you’re a parent, you do everything you can to prepare for the unexpected and keep your family safe. But extending this protection online is difficult
Starting last year, Google began to increase the number of ads displayed in Gmail. It started with more ads in the Promotions tab on mobile. And now it has grown to include advertising messages between regular emails on Gmail’s desktop site. Gmail u