It hasn’t been a good couple of months for online services.
First it was LinkedIn that had 6.5 million usernames and passwords leaked on to the net in June. Then Yahoo had to grapple with a data breach that led to the data breach of 500,000 of its users last month.
And now Dropbox has confirmed that hackers have been able to access a ‘small number’ of its users dropbox accounts and have promised to take immediate remedial measures.
The issue started when a number of Dropbox users started complaining that they were receiving spam emails tied to their dropbox accounts, which meant that the leak was connected to Dropbox. Many of those reports came from European countries including Germany, the UK and the Netherlands.
Dropbox conducted an investigation and have now confirmed in an official blog post that “a small number of accounts” were indeed accessed by hackers.
The post says, “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.”
The new processes include several steps detailed below:
* Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
* New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
* A new page that lets you examine all active logins to your account.
* In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
The company said it had got in touch with users whose accounts were hacked, and has also urged all its users to use unique passwords for different services. Especially given that hackers seem particularly active on social media, its that much easier for a hacker to use the passwords from one service and access data on others.