Although Dropbox wasn’t hacked as such, hacks of other websites in recent weeks have allowed some users accounts to be accessed as they were using the same usernames and passwords on Dropbox as they were on other services that were hacked. One of these users was a Dropbox employee where someone logged in and took a project file containing email addresses of some users.
In order to protect the password part of the problem, all those users who were affected have received emails with details on how to change their password.
For the employee whos account was accessed:
A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.
Dropbox is putting several new features in place to help rid the problems and risks of using the same passwords across various internet services. These include:
* Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
* New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
* A new page that lets you examine all active logins to your account.
* In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
Source
Speak Your Mind
You must be logged in to post a comment.