To say that Dropbox
was “hacked” is a bit unfair to the popular cloud storage service, if Dropbox’s reasoning is to be believed. The company announced that it has discovered that usernames and passwords that were stolen from other sites were used to log in to a few Dropbox user accounts, and at least one of those accounts belonged to a Dropbox employee whose files contained more user email addresses. As a result, Dropbox users were seeing spam.
It’s good that Dropbox is admitting the security breach, and it’s taking fixing the immediate problem as well as enacting measures to ensure that it doesn’t happen again.
First, Dropbox contacted affected users and “helped them protect their accounts”. Coming within weeks will be a two-factor authentication system, automated mechanisms to warn you of suspicious activity, and the occasional prompt to change your password.
There’s also a new security page that not only shows you which devices can access your account, but also any current Web sessions attached to your account (complete with information on recent activity and an IP address).
In a post discussing the breach and new security features, Dropbox also reminded users that it’s a good idea to use different passwords for various sites and accounts--you know, so Dropbox doesn’t get hacked again.