After LinkedIn and Yahoo!, it is the turn of Dropbox to become a victim of password theft. Following the breach of an employee’s account and recent password thefts from other sites, Dropbox users have been exposed to large volumes of spam.
Dropbox offers users free cloud space to store their photos and other documents. Users can access this information from anywhere by signing in to their account. The service has a base of five crore users. Recently, users have complained to the service provider of receiving spam at e-mail addresses they used only for Dropbox.
“We’ve been working hard to get to the bottom of this, and want to give you an update. Our investigation found that usernames and passwords recently stolen from other Web sites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts,” the Dropbox team informed its users through a blog post.
Security experts have warned users against using the same password for different service providers. “The Dropbox incident underlines the necessity of having different passwords for every Web site. As people pile more confidential information onto the Web, hackers have a greater incentive to penetrate accounts,” Graham Cluley, Senior Technology Consultant at security solutions firm Sophos, said.
Another layer of security is to encrypt data before storing it on sites such as Dropbox. “Anyone who raids your account won’t be able to make sense of what you have stashed in the cloud,” he said.
The Dropbox team also indicated that a stolen password was used to access an employee Dropbox account containing a project document with user email addresses. “We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again,” it said.