Though cloud storage company Dropbox’s security breach was relatively minor, it opened a can of worms that IT admins have feared since the first time they heard about “the cloud.” How could such an ephemeral thing really be secure? It began when Dropbox users noticed they were seeing spam messages show up in email accounts that were created exclusively for use with Dropbox--how had spammers gotten access to these accounts? It turned out that a small number of Dropbox’s accounts had been compromised--usernames and passwords stolen from other sites were used to sign in to Dropbox accounts. A stolen password was used to access a Dropbox employee’s account, for instance, and inside that account was an unencrypted document with users’ email address (note: not a good idea). So the security problem at the cloud storage company wasn’t the nature of the cloud itself, but poor internal email policy.