There’s been a lot of headlines on tech sites over the last couple of days about Dropbox, the popular cloud-based storage service, claiming that it’s been hacked. According to reports, up to 6.9 million Dropbox usernames and passwords have been compromised, and a handful were leaked online in a pastebin post, with the alleged hacker soliciting “donations” to encourage additional leaks.
While Dropbox was little slow off the mark to respond – presumably wanting to confirm that their systems remain secure and untouched by unauthorised parties – the company yesterday released a denial:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
The good news is after some work by Dropbox to get their hands on the leaked data and a comparison to their actual live data they updated the Blog Post.
Update: 10/14/2014 12:30am PT
A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.
What does this mean for Dropbox users?
As always, be diligent with your data security. If you are alerted to an actual (or potential) compromise of your username and password, you should change your password immediately.
If you use the same username and password for Dropbox as another service, you should consider changing it. If you’re concerned that you won’t be able to remember lots of different passwords, consider using a password manager – LastPass is our choice.
If the service you’re using can support 2 step verification – which is offered by Dropbox – you should enable and use it. I use Authy as my authenticator app of choice for this.
Other Resources
You should check Have I Been Pwned, a site that can tell you if your email address has been found in data posted online by attackers.
Additionally, if you do use LastPass, you can ask it to check your password vault to ensure your passwords and unique on every site – a reused password is a big risk if a service you’re using falls to a malicious attack. Other password managers likely offer similar services, too. In particular, we like that LastPass will email you if they find your credentials in account lists posted online by hackers.
Security online is a game of compromises: Do you prefer to have your data always at your fingertips with the potential for a breach, or would you rather store your data privately on your own physical media that you can see and touch?
Were you affected by the Dropbox leaks? Do you prefer shared cloud or private storage for your data? Tell us in the comments.
Thanks, that reminds me to run my LastPass security check. Apparently I needed to update a lot of accounts!! And now have about 10 two-factor authentications setup care of Authy!
When I heard it was a third party I thought it was some service that hooks into Dropbox but couldn’t find out which one. It appears not to be the case.
Would 2 factor authentication help in this scenario? You have dropbox installed on your computer. Someone else in the house also uses the computer under their own login. They navigate to your dropbox folder and delete a bunch of stuff. Next time you log on, the changes sync back to dropbox and your stuff is gone – and you are none the wiser.
Depends on your particular permissions and setup, but my suspicion would be that other users on the computer can’t access your Dropbox folder. Why not set up some dummy users yourself and give it a try?
If it’s local user accounts setup correctly under your user profile. They shouldn’t have access. If they do, change the security permissions on your system to restrict access.
Your porn collection should be safe then, however dropbox does pop-up an a sync notification…
My Uncle=REED just got gold Dodge Challenger SRT8 Core by w0rking parttime 0n, COMPUTER from home;. navigate to this website,
⇛⇛⇛⇛⇛►►► ow.Ly/CwNl6