Dropbox Hacked?

Discussion in 'The Off Topic Lounge' started by Crackerz Wave, 2 Aug 2012.

  1. Crackerz Wave

    Crackerz Wave The Dictator
    Staff Member Moderator VIP

    Joined:
    20 May 2012
    Messages:
    650
    Likes Received:
    128
    Dropbox confirms it was hacked, offers users help

    After a two-week investigation, the online file storage service confirms that usernames and passwords were stolen from third party Web sites and then used to access Dropbox accounts.

    When a few hundred Dropbox users began receiving spam emails about online casinos and gambling sites two weeks ago, it seemed like something was up. And indeed there was.

    The online file storage service confirmed today that hackers accessed usernames and passwords from third party sites and then used them to get into Dropbox users' accounts.

    "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."

    When the problem first began earlier in the month, several Dropbox users posted on the company's Web site forum saying they received spam from email addresses only associated with Dropbox. By the time the company got a hold on the situation, 295 people had posted on the forum. The majority of the users were European, coming from Germany, Holland, and the U.K.

    Dropbox has since put in place additional security controls to avoid a repeat occurrence. According to the company blog post, here are some of the steps it is taking:
    • Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
    • New automated mechanisms to help identify suspicious activity. We'll continue to add more of these over time.
    • A new page that lets you examine all active logins to your account.
    • In some cases, we may require you to change your password. (For example, if it's commonly used or hasn't been changed in a long time)
    The file storage service also recommends that users avoid using the same password on multiple sites, since it means that if one site has a security breach then all accounts could be at risk. As TechCrunch notes, Dropbox's security breach is eerily reminiscent of LinkedIn's mega-password leak in June, not that the two were related or even on the same scale.
     
  2. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,093
    Likes Received:
    1,190
    don't be lazy, it is highly annoying. Don't make me demote you
     
  3. Crackerz Wave

    Crackerz Wave The Dictator
    Staff Member Moderator VIP

    Joined:
    20 May 2012
    Messages:
    650
    Likes Received:
    128
    sorry.. I will edit the post
     
  4. Nick Munford

    Nick Munford Member

    Joined:
    5 Mar 2014
    Messages:
    2
    Likes Received:
    0
    Laugh out loud good job, thanks for the info. :)
     