Were you one of the many Dropbox users hit by a spam attack? On July 17th, Dropbox users started to notice an increase in the level of spam reaching their accounts. It was brought to Dropbox's attention when users notified the company that they were receiving spam only at the email addresses tied to their Dropbox accounts, which indicated that the leak had to have come from Dropbox itself. Most of these users were in Europe, including Germany, the UK, and the Netherlands.
Dropbox was quick to act and notified users that it was bringing in outside experts to investigate. Today was the first day we received news from the investigation, which states that hackers did in fact breach Dropbox. The company is now adding two-factor authentication and other security features to prevent future problems.
What exactly happened? In a blog post, the company stated that usernames and passwords were stolen from third-party websites and then used to sign in to a "small number of Dropbox accounts." There was no mention of how many accounts that small number represents, but the company stated it contacted those users and is helping them protect their accounts.
It goes on to state that a Dropbox employee's password was stolen, exposing an account that contained project documents with user email addresses. This is what the company believes led to the spam.
So what changes should users expect?
- Two-factor authentication, which adds a unique code in addition to your password when signing in. This should be available in a few weeks.
- New automated mechanisms to help identify suspicious activity. These will be expanded over time.
- A new page that lets you examine all active logins to your account. This will be helpful so that users know when their account has been accessed.
- Lastly, a requirement to change your password if it has not been changed in a long time.
Although Dropbox is heightening its security, users should also create unique passwords and take care not to reuse them. Reusing a password is always an easy way for hackers to steal your information from several different websites.
Analysts say that it wouldn't be surprising if this hack has a ripple effect across multiple websites. For example, after the LinkedIn password leak, if users use the same password and email address for Dropbox, it is very likely that those hackers can also access their Dropbox accounts.
There have been so many instances of security breaches. It is important to be diligent with your passwords. Below are some safety tips that ALL users can benefit from:
- Use a unique password for each website you use.
- Use capital letters, characters, and numbers (e.g. T3lec0m_New5).
- Change your password every 90 days.
- Keep your passwords safe so that you don’t forget what they are.