The huge Dropbox password leak that wasn't

Don’t believe everything bad you read on the internet.
Update: Since this article was written it has emerged that millions of Dropbox credentials have been made exposed.

Read this article for more details: "Millions of Dropbox users are being advised to change their passwords".

The original article is reproduced below for your reference.

The huge Dropbox password leak that wasn't

A lot of people use Dropbox.

A lot of people put a lot of valuable, sensitive and personal data inside Dropbox.

A lot of people make the mistake of not encrypting their valuable, sensitive and personal data before they put it inside Dropbox.

Which all adds up to a whole heap of trouble if Dropbox suffers a data breach.

Alleged Dropbox breach

Fortunately, as Brian Krebs reports, recent claims from identity theft protection firms that Dropbox has suffered a massive password breach appear to be erroneous.

Troy Hunt - who knows a thing or two about verifying and responsibly disclosing data breaches - also chimed in, decrying that some had jumped to the conclusion that a serious breach had occurred without an attempt to independently verify, or even consult Dropbox itself.

Instead, the data swirling around the net appears to be derived from the mega breaches at Tumblr, LinkedIn and MySpace that have recently been in the spotlight.

Of course, if you were making the mistake of using the same password in multiple places - for instance, the same password for Dropbox that you use at Tumblr - then yes, you would be wise to change them.

But that's far from claiming that Dropbox has suffered a huge password leak. Because there is no evidence to suggest it has.

Nonetheless, with so many mega-breaches making the news, there's certainly no harm in hardening your security and - for instance - enabling two-step verification on your Dropbox account to make it harder for hackers to break into.

I don't mean to suggest that Dropbox is immune from making security blunders, of course.

For instance, in 2012 one of its employees had his password stolen, and spammers managed to steal a database containing the email addresses of users.

And the year before, the site dropped a huge clanger - accidentally turning off all password validation for about four hours. That meant that anyone was able to access anyone else's Dropbox account using any password.

Sheesh. Now do you see why I recommend encrypting your files before uploading them to Dropbox? It's not just about stopping Dropbox or a government agency snuffling through your files - it's in case Dropbox makes another goof like that in the future.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

One Response

  1. James

    August 31, 2016 at 8:07 am #

    Are you going to revise this article now they have admitted the breach of 68 million user name and passwords ?

Leave a Reply