New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.
Over a month ago, The Hacker News reported about the Dropbox Hack, where hackers had managed to steal more than 68 Million Dropbox accounts in a data breach that was initially disclosed by the online cloud storage platform in 2012.
Although the initial announcement failed to reveal the true scale of the data breach, it was in late August when the breach notification service LeakBase obtained
Dropbox recently disclosed that 68 million of its users’ login credentials were published after it was initially hacked back in 2012. Does changing a password now really make a difference?
The file servicing company is back in the spotlight after the login details of 68 million of its users were published after it was hacked back in 2012. Dropbox has taken the usual, sensible approach by reminding people to change their passwords regularly in any case and, in particular, when the security of any online provider they use has been compromised.
It has also initiated a push reset that changes all the passwords of those potentially affected to ensure no one was missed, reassuring impacted users that even if their previous passwords were compromised, their accounts cannot be accessed.
While companies suffering an unfortunate hack often recommend resetting passwords, few take the step of actively encouraging users to use 2-step authentication. In its blog, Dropbox recommended this approach – but its email notifications only mention passwords; the same is true of their help page on ‘Email and Passwords’.
I am sure, however, that we are not too far away from a company enforcing enhanced security, such as 2-step authentication, on its users. AVG recently conducted a poll in the US and UK to find out who people think is responsible for their online data. Against this backdrop, the findings are interesting.
Those who are most responsible for keeping online data safe are any businesses that store personal data (74%), banks (66%) and online security companies (57%). Only banks and security companies were seen as taking this responsibility seriously enough by 74% and 63% of people respectively.
So it seems that people expect a company like Dropbox to take responsibility for keeping their users’ data safe but they don’t necessarily think such businesses take this seriously enough. In addition, 86% of people polled said that personal identification data was the type of information they were most concerned about sharing, and having collected by businesses.
It’s great to see that people are aware – and concerned – about how other entities handle their private data and what degree of responsibility they take for holding that data. The news about Dropbox merely confirms that we can’t simply trust companies to keep our data safe.
So if you are affected by this breach, or have been affected by any other, then I recommend taking two steps to try to remedy the situation.
Firstly, secure any online accounts, such as banking or social media, by ensuring they aren’t using the same email and password combination. If you are re-using login details across multiple accounts, change them and use two-step authentication if possible, such as a password and a back-up phone number or other account.
Secondly, be alert to suspicious activity on your accounts, such as receiving any potentially fake emails. If your data is at risk of having been compromised, you should validate these as genuine by contacting the company that sent them directly or visiting their website before taking any of the action suggested by the email.
Finally, as you would expect, I always recommend having a good internet security product on your PC or mobile devices. Whether you use a laptop or a tablet to access your online accounts, you should always ensure you are as protected as possible against any hacks, phishing tricks or spam emails because as we have seen, we can’t rely on other people to keep us safe online.
Though it may seem trivial, it is not: the security of your company and of your customers depends largely on the passwords that your employees use. In fact, should any of them make such a serious error as, for example, reusing their login credentials across different services, the consequences could be catastrophic, as Dropbox has recently learned.
The case of Dropbox, in figures.
Just a few days ago, the cloud storage company acknowledged that passwords of more than 68 million accounts had been leaked, with a security issue jeopardizing the information of its more than 500 million users. All the problems started with a simple lapse on the part of one of the company’s employees.
The incident occurred in 2012, when some Dropbox users began to complain: email accounts that they had used exclusively to register for the service had started to receive a lot of spam messages. The key to the mystery lay in the theft of passwords from a Dropbox employee: cyber-crooks had got hold of the employee’s LinkedIn password, which was the same as the one used for the cloud storage account. And in the Dropbox account, the employee had a document with a list of users’ email accounts. The perfect gift for spammers.
Some of the passwords that have now been leaked correspond to those accounts included in the previous theft some years before. In fact, a few days before its acknowledgement of this latest leak, Dropbox asked users that had not changed their passwords for some years to do so as soon as possible: “We’re reaching out to let you know that if you haven’t updated your password since mid-2012, you’ll be prompted to update it the next time you sign in. This is purely a preventative measure and we’re sorry for the inconvenience”, read the email.
Some of the leaked passwords correspond to accounts hacked years ago (…) Dropbox asked users who had not changed their passwords in 4 years to do so as soon as possible.
In short, poor password practice by employees in company email or service accounts can put the whole company at risk. In fact, Dropbox has already taken measures to enable employees to comply with corporate security rules, including among other things, not reusing passwords. You can also do the same. Panda’s security solutions include a password manager to facilitate the use of different passwords for different services, without having to memorize each one.
The post Companies that are making the same mistake as Dropbox appeared first on Panda Security Mediacenter.
When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users.
Hackers have obtained credentials for more than 68 Million accounts for online cloud storage platform Dropbox from a known 2012 data breach.
Dropbox has confirmed the breach and already notified its customers of potential forced password resets, though the initial announcement failed to specify the exact number of affected users.
However, in a selection of files obtained
Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log in.
Academics have developed a framework for typo-tolerant passwords that significantly enhances usability without compromising security.
A Chinese APT gang is targeting Hong Kong media outlets with backdoors that connect to legitimate Dropbox accounts.
Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the app that enabled attackers to connect applications on some devices to a Dropbox account without the user’s consent.