Dropbox Admits Hack, Adds More Security Features

An employee re-used a corporate password on other Web services, ultimately allowing a hacker to gain access to customer email addresses.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

InformationWeek: After a two-week investigation into reports of increased spam among Dropbox users, the company has determined that attackers stole an unspecified "small number" of user account names and passwords. "We've contacted these users and have helped them protect their accounts," said Dropbox's Aditya Agarwal.

Apparently, the attacker was able to gain access to the information because of an internal password-reuse problem. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Agarwal. "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."

Security experts say that the best way to protect yourself against attacks like these is to use a different password for every service and to encrypt any information stored in the cloud.

Tags: security, email, spam, password, DropBox, hack, hack attacks

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.