Dropbox Security Issue Confirmed


Dropbox has confirmed on their blog that email addresses of user accounts were compromised.  A few weeks back, Dropbox users began posting to the Dropbox support forums, complaining about spam.  These users were each using a unique email address, used only for Dropbox.

While it’s possible that some of the users could have been mistaken, the number of users posting with this issue pointed to a compromise of email addresses.

According to their post:

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.

They go on to state that:

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses.

So the compromise wasn’t from an ‘army of hackers’ who broke in by typing thousands of lines of code.

Token h4x0r pic.

A login was compromised, and it was used to gain access to a plain-text document that contained a list of Dropbox user email addresses.

Dropbox has added a number of new security features, including two-factor authentication and “automated mechanisms to help identify suspicious activity.”  If you utilize Dropbox and haven’t done so already, it’s a good idea to go ahead and change your password.  Don’t use a password/email combination that you use on other sites.  We recommend KeePass for generating and securely storing your passwords.

Dropbox is a great service and it’s free.  This should serve as a reminder, though, that things don’t work like they show you on CSI.


Update, 8.27.2012: In response to the recent security issue with user account emails, Dropbox has added two-factor authentication.  If you utilize Dropbox, we strongly recommend enabling this feature.
