Details have emerged on the Dropbox breach that started with some suspicious spam and ended in an overhaul of the cloud storage provider’s security practices.
A few weeks ago, some users began receiving spam on email accounts that were linked solely to their Dropbox accounts. An investigation revealed that passwords stolen from other websites were used to gain access to a “small number” of accounts. (A lesson in never reusing passwords across multiple Web services.)
For Dropbox, the password debacle hit very close to home.
Aditya Agarwal, vice president of engineering for Dropbox, explained in a blog post, “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.”
In the aftermath, the company is instituting new protections and procedures to bolster the popular cloud storage platform’s security.
During the coming weeks, Dropbox will be adding two-factor authentication as a sign-in option. Dropbox will also be keeping an eye on suspicious activity using automated mechanisms and will alert users if they are using easy-to-guess or aging passwords.
Dropbox users can now employ proactive measures via a new security tab in the account page. From there, users can determine the country of origin of the devices used to access their files, monitor the most recent activity on their accounts and unlink unauthorized devices.
While Dropbox’s disclosure raises cloud security concerns, market enthusiasm for cloud services continues unabated.
This week, Box.com, a business-flavored cloud storage rival, announced that it had closed on a round of financing worth $125 million, of which $100 million came from General Atlantic, a private equity firm. The company plans to use the funds to expand internationally, fuel the growth of its enterprise offerings and maintain market momentum.
According to Box.com, “Enterprise sales increased 200 percent year-over-year, and average deal size nearly doubled in the same period.” The cloud storage, file sharing and collaboration platform is used by 120,000 businesses and individuals and boasts a customer base that includes 92 percent of the Fortune 500.