
When several hundred users of the popular online file storage site Dropbox started receiving all types of spam emails from various casino and gambling sites over the last two weeks, there was no doubt something was wrong.
After a short investigation, Dropbox confirmed that hackers had accessed usernames and passwords from other third-party sites to spam Dropbox users' accounts.
“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.”
After the problem first began, about 295 people posted on the Dropbox website forums about the spam from email addresses only associated with Dropbox. CNET also reported that the majority of the users were European, coming from Germany, Holland, and the U.K.
Since then, Dropbox has put additional security measures and controls in place to avoid another occurrence. In a company blog post, Dropbox listed some of the steps it will be taking:
* Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
* New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
* A new page that lets you examine all active logins to your account.
* In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
Dropbox also strongly suggests that users practice online safety by using a unique password for each website visited, and refers to tools like 1Password to help manage strong passwords when accessing multiple sites.
More details can be found in the Dropbox blog post at http://blog.dropbox.com/index.php/security-update-new-features/ or by contacting support+security@dropbox.com.
