Dropbox Hit by Major Security Breach, Adds New Security Features to Compensate

Dropbox admitted on Tuesday that its users had been experiencing a torrent of spam. Upon investigating, the company concluded that the source of the problem was password reuse by a Dropbox employee, which created a security hole. InformationWeek:

“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts,” said Aditya Agarwal, VP of engineering at Dropbox, Tuesday in a blog post.

The investigation began two weeks ago, when users began reporting spam attacks against email addresses that were used for access to the Dropbox service.

Many of the attacks were traced to password reuse within Dropbox itself – one of the stolen passwords belonged to a Dropbox employee, who had a number of user email addresses stored in his account. This led to a mass spamming of Dropbox users.

Dropbox has apologized to users, and promised to tighten security by adding new security controls. The controls will include a page that will let users review the login history related to their account, mechanisms to identify suspicious activity, and two-factor authentication.

Security experts, such as Rik Ferguson, director of security research and communication at Trend Micro, are questioning whether Dropbox’s fixes go far enough.

This document was accessible, it seems, because the Dropbox employee was reusing their corporate password on other Web services which were compromised. It is not specified which services they refer to, but again, why?

He also criticized Dropbox’s use of email to inform users of the breach. The emails included a “reset your password” link, making them look very much like the spam and phishing schemes that people have been warned to avoid!

Despite the new security measures added by Dropbox, account holders are strongly encouraged to change their passwords as soon as possible.
