Dropbox Security Issue Confirmed

Dropbox Stuff

Dropbox has confirmed on their blog, that email addresses of user accounts were compromised.  A few weeks back, Dropbox users began posting to the Dropbox support forums, complaining about spam.  These were users that were utilizing a unique email address, used only for Dropbox.

While it’s possible that some of the users could have been mistaken, the amount of users posting with this issue pointed to a compromise of email addresses.

According to their post:

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.

They go on to state that:

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses.

So the compromise wasn’t from an ‘army of hackers’ who broke in by typing thousands of lines of code.

Token h4x0r pic.

A login was compromised and that was used to gain access to a plain-text document that contained a list of Dropbox user email addresses.

Dropbox has added a number of new security features, including two-factor authentication and “automated mechanisms to help identify suspicious activity.”  If you utilize Dropbox and haven’t done so already, it’s a good idea to go ahead and change your password.  Don’t use a password/email combination that you use on other sites.  We recommend KeePass for generating and securely storing your passwords.

Dropbox is a great service and it’s free.  This should serve as a reminder though, that things don’t work like they show you on CSI.

Update, 8.27.2012: In response to the recent security issue with user account emails, Dropbox has added two-factor authentication.  If you utilize Dropbox, we strongly recommend enabling this feature.

I am a consignment software specialist, System Administrator for hundreds of consignment workstations across North America, and developer of Peeps' Software! I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. After 17+ years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old building or strip malls, to advocating for them when their consignment software keeps crashing. I now manage over 600 computer systems, servers & websites for store-owners all across North America and I am the developer/programmer of Peeps' Software -- the only software written FOR consignment & resale stores specifically.

Leave a Comment

Your email address will not be published. Required fields are marked *


Back To Top