Is OneDrive Secure? 7 Things to Watch Out For

Hackers have cloud storage between their crosshairs: they use it to store their malicious data and look to breach accounts to steal information. That puts users in a difficult position when it comes to choosing the right storage service for them. So, is OneDrive secure?

OneDrive is a secure cloud storage option. That doesn’t mean you can blindly trust this or any other service, as they all have been breached in the past. Taking extra measures, such as encrypting files before uploading them and scanning them after downloading them, is a must to remain safe.

Following cybersecurity best practices is the key to securely using OneDrive or any other option. For example, having the safest data storage in the world means little when your passwords are weak. However, you probably want to know how safe OneDrive really is.

How Safe Is OneDrive?

OneDrive is as safe as it gets, especially when you compare it to other options on the market. That doesn’t mean these services are impossible to hack.

It doesn’t mean that OneDrive will always work the way it should either. It means you’ll get the best bang for your buck and be safe as long as you play your part.

In other words, you can trust OneDrive to keep your files safe, though you can take an extra step to ensure that on your own (i.e., encrypting files before uploading them).

Cloud storage is secure when you choose known options like Microsoft’s or Google’s, though that doesn’t exempt you from following best practices.

OneDrive Best Practices

  • Encrypt Your Files. Can you trust OneDrive to do its part? Of course. Does that mean you don’t have to do much? Not at all! You still have to play your part, which includes encrypting your files before you upload them to the cloud. Doing that ensures your data remains safe even after a breach takes place – because hackers will only download information they can’t access.
  • Create Strong Passwords. Encrypting files before you download them is a great cybersecurity measure, but far from the only one you can take. Having weak passwords will allow threat actors to access your information sooner rather than later. You want yours to be long, random, and with no personal information.
  • Use MFA. Unfortunately, passwords can be cracked or hacked. You may have malware on your computer, meaning the strongest password will be leaked no matter what you do (until you deal with malware). Fortunately, multi-factor authentication gives you an extra layer of security, which no hacker can penetrate unless they have both your password and phone.
  • Scan Your Device. Remember, working on an infected device will overrule any cybersecurity effort on your part. For that reason, routinely scanning your device is a must, especially if you share your cloud storage account with other people. It only takes one breach for hackers to upload infected files that you’ll later download without noticing.

7 Things to Watch Out for When Using OneDrive

1. Deleted Logs

Are you trying to see if someone breached your OneDrive account? Sometimes, it’s better to look for what’s not there rather than look for clues you may find.

What does that mean? Well, hackers often try to delete their tracks after an attack. When stealing from cloud storage, they will try to delete the activity logs, so you find nothing out of the ordinary there.

Fortunately, it’s difficult for threat actors to remove every trail: you’ll have to look at the log to see if something changed but isn’t reflected there, which means someone is trying to hide their tracks.

2. Extra Files

Hackers often breach cloud storage services to steal information – but that doesn’t mean they’ll do nothing but download files. Sometimes, they look to compromise other users too: the easiest way to do so is by infecting their devices.

In other words, they’ll upload malware to the cloud, hoping you (or someone else) download it. Since cloud storage is often private and accessible by a few people, you won’t think about it twice before downloading something from there.

For that reason, it’s always a good idea to scan everything you download, no matter where you get it.

3. Late Activity

Users seldom share their time zone with the hackers that target them. American users are often targeted by Russian hackers and vice-versa (especially if we’re talking about government agencies that are often involved in cyber warfare).

Companies fall for these worldwide attacks too. Fortunately, there’s an easy way to spot them: checking when a user logs in. Those living in faraway lands often are a few hours ahead or behind, meaning they’ll use stolen logging credentials in the middle of the night when the hacked user is sleeping.

If you spot someone logging in late at night, it’s not cause for alarm, but you should monitor that account more closely.

4. Missing Files

We’ve covered what happens when you find extra files – but what about missing files? You can misplace something in the wrong folder, but that doesn’t mean you can lose them forever on the internet.

Threat actors may delete stuff after downloading it, especially when dealing with sensitive data. Of course, the best in the business want to go undetected, but that’s far from an option in certain scenarios. Missing files in your storage is definitely cause for concern.

5. Strange Behavior

Hackers manually download, delete, and upload files to breached cloud storages, but they’re not the only ones that may have access to it. Advanced malware often gathers passwords and looks to brute force their way into the cloud too.

When that happens, these bots will erratically log in, upload files, and log out. They may delete activity logs after doing so too.

Since they’re following instructions, it’s not difficult to see the pattern they leave behind, but that doesn’t mean it’s safe to deal with compromised cloud storage: at that point, reset login credentials and scan files – or start somewhere else with a backup.

6. Unusual Requests

Another giveaway of suspicious activity is unusual requests. Certain cloud storage options have different access levels for users (e.g., you can only access certain files while privileged users can see them all).

However, you can request to access other files if you want to. Sometimes, administrators grant away authorizations without looking – and that’s what hackers hope for.

An account is probably compromised if someone is requesting to download files they shouldn’t. It could also mean you have an insider threat roaming around your network, so it’s a good idea to monitor this activity closely.

7. Weak Passwords

The number one culprit behind data leaks is having weak passwords – and users have nobody to blame but themselves for using them. You can’t expect a hacker to not guess your login credentials if your passcode is as simple as “12345.”

Others take it one step further but don’t make it as difficult as they should. They use their company name as a password for their company’s cloud storage, which isn’t difficult to guess at all.

For that reason, having long, random passwords is a must. If you have a hard time remembering them, use a password manager – but never write them down. That’s how people get hacked too!

Can Your OneDrive Account Be Hacked?

You can lose your OneDrive account to threat actors if you’re not careful enough, and that may have nothing to do with OneDrive’s cyber security. Remember, you have to take care of your end as much as Microsoft will take care of theirs.

What does that mean? For example, you can give login credentials to hackers after a successful phishing attempt. You may also download malware, allowing hackers to see everything that you do, including writing down your password.

At the same time, sharing your OneDrive account is a great way to lose it: the chances of a breach increase as more people get involved.

Was OneDrive Hacked?

OneDrive cyber security has had its fair share of issues. We’re not talking about rumors – but details Microsoft has made public in the past. However, recognizing past mistakes and working towards a better security model is a good sign.

Does one breach mean you should avoid OneDrive? Absolutely not! Microsoft’s cloud storage service is as good as they come, especially when you compare it to top of the line picks, such as Google Drive.

This information sheds light on something: nothing is impossible to hack, no matter how big of a budget a company has. For that reason, you have to do your part and follow cloud storage best practices to stay safe and look for alternatives (because having all your data in one storage could lead to trouble).

OneDrive Alternatives

  • Google Drive. Does it get any better than Google? Perhaps it does. However, that doesn’t mean you’re not putting your data in the strongest hands possible. We know Google will have no trouble fending off attacks or surviving (no matter how much the online landscape changes). Unfortunately, Google probably takes a little peek at your data, so you should encrypt what you upload.
  • DropBox. DropBox developers make an effort to keep your data safe from harm, including all sorts of protection and encryption layers you’ll benefit from. Unfortunately, this attitude doesn’t come from sheer caution alone – but from having a few issues in the past, including leaks and breaches. It’s not a bad idea to consider, nonetheless.
  • MEGA. MEGA is one of the oldest cloud storage options available today – if you consider it a part of Megaupload, which started in 2005 and saw its end seven years later. MEGA’s former owner has had some legal trouble in the past, but he cut ties with the project a few years ago.
  • Your Own. If you’re looking for the safest, most transparent, and private option possible, you can set up your own cloud storage with enough servers. Of course, it requires being a little tech savvy – but learning how to do it is half the fun!


Microsoft OneDrive security is top notch – but that doesn’t mean you shouldn’t do your part to stay safe online. Use strong passwords, encrypt your files, and regularly scan your devices. At the same time, don’t put all your eggs in one basket: look for storage alternatives just in case. Looking for assistance with Microsoft OneDrive, Azure or 365? Contact us here at U.S. Cybersecurity to speak to an expert.

Herman McCargo

Herman is a Microsoft Certified Security Engineer and Cybersecurity Specialist. He’s been in the technology field for over 20 years and has expertise working with the most critical technology infrastructures. He has a deep understanding of cyber risks, threat mitigation and prevention, and overseeing infrastructure.