Saturday, August 4, 2012

Dropbox Admits Breach After Weeks Of Silence

Details reveal an employee logon was breached at Dropbox.


Dropbox is a great product and one that so many people have on their computers and mobile devices. They make it so easy to use and have versions for just about every computer and mobile device. And they are far ahead of all the others in this market in supporting different devices. So, it was a surprise when we started to hear about spam emails being sent to Dropbox customers, some with email addresses which are not used anywhere else. Then the concerns about a security breach of the company started coming out.

We reported on the hiring of security experts after the spam emails were being reported by many users in Europe. Less than a week later, Dropbox reported that they had not found any intrusions into their systems, which was supposed to put people at ease. In reality, it seemed to cause far more concern for those who were vocal about having private email addresses receiving spam.

Some had created an email address specifically for logging on to Dropbox and nowhere else. So, when they started receiving spam emails, the first thought was that Dropbox had been hacked. And that was a very reasonable conclusion. So, we finally have Dropbox reporting on what they found. They are admitting they were hacked. They point the finger at usernames and passwords stolen from other sites, which resulted in "some users accounts" being accessed by the hackers.

A much bigger revelation is that one of those stolen passwords from another site was used to gain access to the account of a Dropbox employee. That account contained a marketing spreadsheet with a pretty good-sized list of names and email addresses. We had speculated that the user names possibly came from a single employee who was trying to make some money from selling them. We were off base on that, but pretty close in that it involved a single employee.

We have been talking for several months about the need to have strong passwords in place because the skills of hackers are getting more sophisticated. The other item we have talked about is to not use the same logon and password across multiple sites. If one site gets hacked, the attackers are going to try to use what they have gathered on many other sites to see if they can get in. And that is exactly what has happened in this situation. You need to reevaluate your passwords and strategies.

Exactly what this will mean for Dropbox and how the public views them is an unknown. Given all the sites which have been hacked over the last year, everyone needs to step up their efforts to protect themselves. While Dropbox was hacked last month, it may be one of their competitors which will be hacked next month. It seems that hackers are going all out to try and gain access to companies to get logons and passwords. That has become the new reality for everyone. So your best defense is a strong password which is not duplicated across other sites.
