DropBox has announced that a number of usernames and passwords stolen from other websites have been used to hack into DropBox accounts. This came to their attention a few weeks ago when people reported receiving spam from a number of DropBox.com email addresses.
As it turns out, one of the stolen passwords was that of a DropBox employee, and a document from his account contained the usernames and passwords of many users. This compromise in security is largely responsible for the spam emails, as well as much of the hacked DB accounts.
So, what can DropBox users do to prevent further security issues? First, change your password on the DropBox site (linked devices will remain linked). Second, if you’re one of those people who uses the same username and password combo on multiple sites… stop doing that. Hackers used stolen name and password combinations from other less secure sites inorder to login to DB accounts. Had the passwords been different from those used on DropBox.com, these accounts would not have been in jeopardy.
Of course, DropBox has gone ahead and beefed up their authentification process, adding a bunch of new security features to the site. But the best thing to do is to follow security guidelines for creating and storing passwords. We’ve discussed these methods in previous posts, but after today’s announcement, it couldn’t hurt to reacquaint yourself with the latest apps and tactics used to prevent hackers from ruining your day (or employment status).