A couple of weeks ago Dropbox hired some "outside experts" to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee’s account was hacked, allowing access to user e-mail addresses.
In an explanatory blog post, Dropbox today said a stolen password was "used to access an employee Dropbox account containing a project document with user email addresses." Hackers apparently started spamming those addresses, although there’s no indication that user passwords were revealed as well. Some Dropbox customer accounts were hacked too, but this was apparently an unrelated matter. "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts," the company said.
Dropbox noted that users should set up different passwords for different sites. The site is also increasing its own security measures. In a few weeks, Dropbox said it will start offering an optional two-factor authentication service. This could involve users logging in with a password as well as a temporary code sent to their phones.
Read 1 remaining paragraphs | Comments
No comments:
Post a Comment