It’s important to ask what could happen if a hacker obtains access to the services that we use to manage your data.
In addition to the security measures detailed here, the following measures are taken to reduce the impact as much as possible:
We encrypt each access and refresh token with military grade AES256 encryption.
Each token has an “initialization vector“, a fancy word to ensure that brute force attacks are almost impossible.
Our database is not publicly available and uses whitelisted SSH access which makes it very hard for hacker to find and access. Even if a hacker would be able to access the database, they would only see scrambled texts as everything is encrypted.
The master encryption key of the database is stored in a “secrets vault” which is only accessible to the backend application and not to anyone of the Pro Backup team.
It’s only if a hacker gets both into the database and has the master encryption key, that they would be able to perform API calls. Even in this case, we have installed alerts to warn our team of suspicious activity.
Looking at how hackers typically operate, it is far more likely that they will try to steal information via phishing your password of your ProBackup account. This is why we strongly recommend enabling 2FA to your ProBackup.