Online storage company Dropbox has confirmed that it was in fact the victim of a hack last month in which usernames and passwords were stolen. Earlier this week the company admitted that a stolen password was used to access an employee Dropbox account that contained a project document detailing user email addresses.
Dropbox believes this improper access is why some users reported receiving spam over the past few weeks at email addresses they used only for Dropbox. A deeper investigation also revealed that usernames and passwords were recently stolen from the website and used to sign into a “small number” of Dropbox accounts. The affected users have now been contacted by the firm and offered advice on how to protect their account details.
New security measures include a two-factor authentication process requiring two forms of proof of identity when signing in, such as a password and a temporary code sent to the user’s phone (this will roll out in a few weeks). The company is also working on a new automated mechanism to help identify suspicious activity, along with a page that enables users to examine all active logins on their account.
Dropbox will also proactively encourage users to change their password if, for example, it is a commonly used term or has not been changed for a while. “We strongly recommend you improve your online safety by setting a unique password for each website you use,” said the firm. “Though it’s easier to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk. Tools like 1Password can help you manage strong passwords across multiple sites.”
Complete original article posted at Digital Spy.