Dropbox has confirmed on their blog, that email addresses of user accounts were compromised. A few weeks back, Dropbox users began posting to the Dropbox support forums, complaining about spam. These were users that were utilizing a unique email address, used only for Dropbox.
While it’s possible that some of the users could have been mistaken, the amount of users posting with this issue pointed to a compromise of email addresses.
According to their post:
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.
They go on to state that:
A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses.
So the compromise wasn’t from an ‘army of hackers’ who broke in by typing thousands of lines of code.
A login was compromised and that was used to gain access to a plain-text document that contained a list of Dropbox user email addresses.
Dropbox has added a number of new security features, including two-factor authentication and “automated mechanisms to help identify suspicious activity.” If you utilize Dropbox and haven’t done so already, it’s a good idea to go ahead and change your password. Don’t use a password/email combination that you use on other sites. We recommend KeePass for generating and securely storing your passwords.
Dropbox is a great service and it’s free. This should serve as a reminder though, that things don’t work like they show you on CSI.
Update, 8.27.2012: In response to the recent security issue with user account emails, Dropbox has added two-factor authentication. If you utilize Dropbox, we strongly recommend enabling this feature.
Dean
I am a Software Developer, System Administrator, and consignment software specialist. I currently manage hundreds of consignment workstations, point of sale systems, and database servers all across North America and I am the developer of Peeps' Software, Peeps2Go, and Peeps' Consignor Login for iOS and Android. I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. Peeps' Software launched in 2016 and is now on hundreds of systems all across North America. I have successfully converted dozens of stores from all of the major consignment software systems. After 20 years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old buildings or strip malls, to advocating for them when their old consignment software keeps crashing.