Dropbox hack results in stolen usernames and passwords, new security measures


Dropbox is an extremely popular cloud storage service used by many people, including me and likely you. However, popularity or size doesn’t mean you are immune from hackers. For the past few weeks, Dropbox users have been complaining of a sudden increase in spam to e-mail addresses that they use only for Dropbox. Dropbox has now confirmed that the spam is related to a recent Dropbox security breach.

What happened is that Dropbox was hacked and a bunch of usernames and passwords were stolen. One such user account belonged to a Dropbox employee and contained a file that had Dropbox users’ e-mail addresses. This document is the reason why many Dropbox users were (are?) being spammed.

Aside from the spam issue, the obvious issue at hand is that the usernames and passwords of some Dropbox users were stolen. Dropbox has already contacted the affected users and informed them about the breach so they can change their passwords, and Dropbox has introduced a bunch of new security features to help prevent this from happening in the future:

While I understand that anyone can be hacked, it must be asked: does Dropbox store passwords in plain-text? Because, obviously, the hackers used the stolen info to log in to user accounts, meaning either passwords were (are) stored in a poorly protected format or were (are) stored in plain-text. What the hell, Dropbox.

