Dropbox confirms hack, announces 2-factor authentication
Posted on 01 August 2012.
Bookmark and Share
After weeks of investigating how it came about that a sizable number of its European users began receiving spam advertising gambling websites to dedicated (and not) email addresses, file hosting service Dropbox has shared the result of the investigation.


"A stolen password was used to access an employee Dropbox account containing a project document with user email addresses," Aditya Agarwal, Dropbox’s VP of Engineering, wrote on Tuesday.

"We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again."

He also mentioned that their investigation also discovered that some Dropbox accounts were compromised through the use of usernames and passwords recently stolen from other websites, pointing out the need for using different passwords for every online account.

Among the security improvements Dropbox is planning to add to make sure things like this don't happen again is optional two-factor authentication, a new page that lets users examine all active logins to their account, and the forced password change for users who have not changed their passwords in a while or are using a common one.

He also announced new automated mechanisms to help identify suspicious activity, and says that more of these will be added over time.






Spotlight

How cybercriminals profit from money laundering through gambling sites

Posted on 24 April 2014.  |  A new report identifies the proliferation of online casinos, an industry set to grow nearly 30% over the next three years, and how their use is fueling cybercrime.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //