Companies that are making the same mistake as Dropbox

dropbox panda security

Though it may seem trivial, it is not: the security of your company and of your customers depends largely on the passwords that your employees use. In fact, should any of them make such a serious error as, for example, reusing their login credentials across different services, the consequences could be catastrophic, as Dropbox has recently learned.

The case of Dropbox, in figures.

Just a few days ago, the cloud storage company acknowledged that passwords of more than 68 million accounts had been leaked, with a security issue jeopardizing the information of its more tan 500 million users. All the problems started with a simple lapse on the part of one of the company’s employees

The incident occurred in 2012, when some Dropbox users began to complain: email accounts that they had used exclusively to register for the service had started to receive a lot of spam messages. The key to the mystery lay in the theft of passwords from a Dropbox employee: cyber-crooks had got hold of the employee’s LinkedIn password, which was the same as the one used for the cloud storage account. And in the Dropbox account, the employee had a document with a list of user’s email accounts. The perfect gift for spammers.

Some of the passwords that have now been leaked correspond to those accounts included in the previous theft some years before. In fact, a few days before its acknowledgement of this latest leak, Dropbox asked users that had not changed their passwords for some years to do so as soon as possible: “We’re reaching out to let you know that if you haven’t updated your password since mid-2012, you’ll be prompted to update it the next time you sign in. This is purely a preventative measure and we’re sorry for the inconvenience”, read the email.

Some of the passwords filtered correspond to hacked accounts years ago (…) Dropbox asked users that has not changed their passwords for 4 years ago to do so as soon as possible.

In short, poor password practice by employees in company email or service accounts can put the whole company at risk. In fact, Dropbox has already taken measures to enable employees to comply with corporate security rules, including among other things, not reusing passwords. You can also do the same. Panda’s security solutions include a password manager to facilitate the use of different passwords for different services, without having to memorize each one.

 

The post Companies that are making the same mistake as Dropbox appeared first on Panda Security Mediacenter.

Leave a Reply