Dropbox gets hacked ... again « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » Talks

Dropbox gets hacked ... again

(2 posts) (1 voice)

Started 12 years ago by Anonymous
Latest reply from Anonymous

Anonymous
Unregistered

http://www.zdnet.com/dropbox-gets-hacked-again-7000001928/

Dropbox gets hacked ... again

Summary: After last year's embarrassing data breaches, Dropbox promised to implement additional safeguards "to prevent this from happening again." Whoops, it just happened again.

Running a secure online service is hard work. It costs money and it requires nonstop vigilance.

It’s the kind of work that gets tested regularly. How a company responds to security challenges defines the difference between earnest startups and companies that deserve to graduate to the big time.

Dropbox just failed that test.

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.

Posted 12 years ago #
Anonymous
Unregistered

http://www.v3.co.uk/v3-uk/analysis/2196654/dropbox-password-breach-highlights-risks-of-free-storage-services

Dropbox password breach highlights risks of free storage services
The breach resulted in a number of customers receiving spam email messages. The attackers reportedly got access to the customers' data by hacking into a Dropbox employee's email account.

Security researchers have since attacked Dropbox's lax attitude towards passwords security, with Trend Micro security chief Rik Ferguson telling V3 that he was concerned by several aspects of the incident.

"Firstly, a Dropbox engineer was using live customer information in a ‘project document'. This document was accessible, it seems, because the Dropbox employee was reusing their corporate password on other web services which were compromised," he explained.

"Secondly, Dropbox chose to inform their customers with an email notification containing a link to reset their password. This practice goes against the years of advice that we have given, warning users not to click links in unsolicited mails, especially those requesting that you visit a web site to enter any kind of credentials."

Posted 12 years ago #

RSS feed for this topic

Reply

You must log in to post.