Dropbox Hacked?

Discussion in 'The Off Topic Lounge' started by Crackerz Wave, 2 Aug 2012.

  1. Crackerz Wave

    Crackerz Wave The Dictator

    Joined:
    20 May 2012
    Messages:
    649
    Likes Received:
    128
    Dropbox confirms it was hacked, offers users help

    After a two-week investigation, the online file storage service confirms that usernames and passwords were stolen from third party Web sites and then used to access Dropbox accounts.

    When a few hundred Dropbox users began receiving spam emails about online casinos and gambling sites two weeks ago, it seemed like something was up. And indeed there was.

    The online file storage service [link] that hackers accessed usernames and passwords from third party sites and then used them to get into Dropbox users' accounts.

    "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."

    When the problem first began earlier in the month, several Dropbox users [link] saying they received spam from email addresses only associated with Dropbox. By the time the company got a hold on the situation, 295 people had posted on the forum. The majority of the users were European, coming from Germany, Holland, and the U.K.

    Dropbox has since put in place additional security controls to avoid a repeat occurrence. According to the company, here are some of the steps it is taking:
    • [link], a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
    • New automated mechanisms to help identify suspicious activity. We'll continue to add more of these over time.
    • A [link] that lets you examine all active logins to your account.
    • In some cases, we may require you to change your password. (For example, if it's commonly used or hasn't been changed in a long time)
    The file storage service also recommends that users avoid using the same password on multiple sites, since it means that if one site has a security breach then all accounts could be at risk. As [link] notes, Dropbox's security breach is eerily reminiscent of [link] in June, not that the two were related or even on the same scale.
     
  2. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member VIP Admin

    Joined:
    18 May 2012
    Messages:
    3,097
    Likes Received:
    1,230
    don't be lazy, it is highly annoying. Don't make me demote you
     
  3. Crackerz Wave

    Crackerz Wave The Dictator

    Joined:
    20 May 2012
    Messages:
    649
    Likes Received:
    128
    Sorry.. I will edit the post
     
  4. Nick Munford

    Nick Munford Member

    Joined:
    5 Mar 2014
    Messages:
    2
    Likes Received:
    0
    Laugh out loud good job, thanks for the info. :)
     