Email List Stolen From Hacked Dropbox Employee - InformationWeek
Cloud // Cloud Storage
08:02 AM
How Upwork Cut Zero-Day File Attacks by 70%
Oct 05, 2017
Upwork has millions of clients and freelancers that have to upload and download many files to and ...Read More>>

Email List Stolen From Hacked Dropbox Employee

An employee's Dropbox account with an insecure password was compromised. A list of user e-mails from that account was used in a spam campaign. The company recommends users get a password manager.

Dropbox has acknowledged that one of its employees' Dropbox accounts was hacked. The hacked Dropbox account contained a list of customer emails and those users were, in turn, sent spam. According to a report in TechCrunch, some users reported that email accounts receiving the spam were only used for Dropbox, which raised suspicion that Dropbox was hacked. This led Dropbox to investigate the issue, and the investigation revealed that one of their employees had been hacked along with other Dropbox accounts.

Dropbox asserts that usernames and passwords were hacked on other unnamed websites and that these credentials were the same as those used in the hacked Dropbox accounts. While this diverts much blame away from Dropbox, the problem remains that Dropbox employees were using unencrypted email lists stored on the public Internet with minimal security.

To improve security, Dropbox will soon implement a new two-factor authentication system that involves sending Dropbox users temporary codes to their cell phones. They will also scan for suspicious activity and give users access to a monitoring page that lets you examine all active logins to your account. Dropbox will also prompt users to change less secure passwords or passwords that haven't changed in a long time. That may annoy users with strong one-time use passwords that don't really need to be changed over time, but it is considered best practice.

Dropbox also suggests to its users that they should use password management tools so that they can use a unique password on every website they visit. As for the user list stored in an employee Dropbox account the company only says that they "...have put additional controls in place to help make sure it doesn't happen again."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll