Dropbox admits user accounts were hijacked, adds new security

Dropbox user accounts compromised, leads to spam. Dropbox updates security measures.

Published Wed, Aug 1 2012 10:28 AM CDT   |   Updated Tue, Nov 3 2020 12:27 PM CST

A few weeks ago, there were reports of Dropbox users started to receive spam on the e-mails tied to Dropbox. The major problem with this was that some of these user's e-mails were only tied to their Dropbox account which meant that the spam or address leak was coming from Dropbox itself as there would be no other way for the e-mail to be released.

Dropbox admits user accounts were hijacked, adds new security | TweakTown.com

Dropbox enlisted the help of "an outside team of experts" to aid their own security team and law enforcement. Dropbox's VP of Engineering, Aditya Agarwal, said in a blog post that a number of usernames and passwords were stolen from third party websites. These combos were then used to sign into "a small number of Dropbox accounts."

One of those stolen password combos belonged to an employee. The employee's Dropbox contained a project file which had a list of e-mails. The company believes "this improper access is what led to the spam." Dropbox is taking several steps to prevent something like this from happening in the future. These are laid out below:

  • Two-factor authentication, a way to optionally require a unique code in addition to your password when signing in. (Coming in a few weeks)
  • New automated mechanisms to help identify suspicious activity. We'll continue to add more of these over time.
  • A new page that lets you examine all active logins to your account.
  • In some cases, we may require you to change your password. (For example, if it's commonly used or hasn't been changed in a while)

There's still plenty to be learned as the investigation is on-going. Currently, it would appear that both Dropbox and its users share the responsibility for this hack. Dropbox is doing its part and suggests that its users do the same. They point out that "though it's easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk."

NEWS SOURCE:techcrunch.com

Trace is a starving college student studying Computer Science. He has a love of the English language and an addiction for new technology and speculation. When he's not writing, studying, or going to class, he can be found on the soccer pitch, both playing and coaching, or on the mountain snowboarding.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles