After hundreds of Dropbox users started to receive spam e-mails, such as messages promoting online casinos and gambling websites, the online file storage service reacted immediately and started an internal analysis, followed by an external investigation carried out by a group of experts.
Dropbox eventually confirmed that hackers had obtained usernames and passwords from third-party websites and then used those credentials to access the accounts of Dropbox users. The company said that it has contacted the users affected by this hack to help them protect their accounts. Dropbox also mentioned that a stolen password was used to access a Dropbox employee's account, which contained a project document with user e-mail addresses.
The issue first appeared at the beginning of July 2012, when several Dropbox users reported on the firm’s official forum that they had received a lot of spam at e-mail addresses that were associated exclusively with Dropbox. Most of the affected users were from Europe, with many of them coming from countries like Germany, Holland and the United Kingdom.
The good news is that Dropbox has implemented several security enhancements so that this problem won’t occur in the future. The team at the online file storage service recommends that users set up different passwords for different websites. Dropbox said that in the near future it will start providing an optional two-factor authentication service, which probably means that users will have to enter a password to access their account and also provide a temporary code sent to their phones.
In addition, Dropbox has created a new page where users can view all the active logins related to their accounts. The service also plans to implement a new automated feature that will check for suspicious activity. In some cases, Dropbox asks users to change their password if it is a commonly used one or has not been changed for a while.
The Dropbox team emphasizes the importance of not using the same password for all websites and accounts. Reused passwords pose a high risk: if one of the accounts or websites is compromised, all of the other accounts that share that password will be at high risk as well.
Hopefully, with these new security features implemented, Dropbox users will be safe from these hacks.