During the past few years, a vast number of onlineﬁle storage services have been introduced. While several of these services provide basic functionality such as uploading and retrievingﬁles by a speciﬁc user, more advanced services offer features such as shared folders, real-time collaboration, minimization of data transfers or unlimited storage space. Within this paper we give an overview of existingﬁle storage services and examine Dropbox, an advancedﬁle storage solution, in depth. We analyze the Dropbox client software as well as its transmission protocol, show weaknesses and outline possible attack vectors against users. Based on our results we show that Dropbox is used to store copyright-protectedﬁles from a popularﬁlesharing network. Furthermore Dropbox can be exploited to hideﬁles in the cloud with unlimited storage capacity. We deﬁne this as online slack space. We conclude by discussing security improvements for modern online storage services in general, and Dropbox in particular. To prevent our attacks cloud storage operators should employ data possession proofs on clients, a technique which has been recently discussed only in the context of assessing trust in cloud storage operators.