Dropbox Admits Hack, Adds More Security Features

An employee re-used a corporate password on other Web services, ultimately allowing a hacker to gain access to customer email addresses.

InformationWeek: After a two-week investigation into reports of increased spam among Dropbox users, the company has determined that attackers stole an unspecified "small number" of user account names and passwords. "We've contacted these users and have helped them protect their accounts," said Dropbox's Aditya Agarwal.

Apparently, the attacker was able to gain access to the information because of an internal password-reuse problem. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Agarwal. "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."

Security experts say that the best way to protect yourself against attacks like these is to use a different password for every service and to encrypt any information stored in the cloud.

Tags: security, email, spam, password, DropBox, hack, hack attacks

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.