Dropbox blames employee account breach for spam attack
The company said it plans to introduce new protections to guard against account compromises
IDG News Service - Dropbox said Tuesday one of its employee's accounts was compromised, leading to a raft of spam last month that irritated users of the cloud-storage service.
A stolen password was used to access the employee's account, which contained "a project document with user email addresses," Dropbox engineer Aditya Agarwal wrote on the company's blog.
"We believe this improper access is what led to the spam," Agarwal wrote. "We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."
The company also found that usernames and passwords that had been stolen from other websites were used to access "a small number of Dropbox accounts," Agarwal wrote. Hackers commonly try username and password combinations from breaches on other web services in hopes people use the same combination, a common security problem.
The spam, written in German, English and Dutch, advertised gambling websites and seemed to affect only European users. Many of those users wrote on the company's forum they had used a unique email address solely for Dropbox, leading to suspicions the company had been hacked.
Dropbox brought in an outside security team to investigate, but maintained on July 21 that it had found no intrusion of its internal systems or other compromised accounts.
In light of the breach, Dropbox said it plans in a few weeks to introduce two-factor authentication, such as a system that would send a temporary code to a person's phone.
Other planned upgrades include a new page that will show logs of user account activity and other "automated mechanisms to help identify suspicious activity," Agarwal wrote. Users may also be prompted to change their password if it has not been changed in a long time.
Send news tips and comments to firstname.lastname@example.org
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Three Best Practices to Help Government Agencies Overcome BYOD Challenges This paper highlightschallenges facing government IT in a BYOD environment and discusses strategies for network preparation, ongoing support, and securing information to enable...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage... All Data Storage White Papers | Webcasts