DropBox Admits to Compromise Employee File with Usernames and Passwords Hacked
Dropbox on Tuesday reported via a blog post, that it was upgrading its security measures on the platform. This news came from the fact that a number of users emails and passwords, stolen from another recent site hack, had ended up allowing hackers to compromise the service.
One of the user names and passwords that the hackers gained access to belonged to a DropBox employee, of which a project file was accessed that contained additional live usernames and passwords. User email accounts were affected with a stream of spam, which was reported to Dropbox and is how they were able to discover the breach.
Recent high profile cases of username and password theft seem to all have a similar commonality. This is the fact that files, data, and lists exist with live user information available. This seems to be the heart of the problem. The question as to why these companies are not encrypting and never saving user password information is beyond me.
DropBox is stating that they are beefing up security measures and access controls, but to me the bigger issue that should be addressed is the live data issue. In the wrong hands access to these files can cause many issues for users including increased spam, access to personal and confidential information, and identity theft.
DropBox has been a service that has allowed users to upload documents and files, many of which contain sensitive company and personal information. News of the compromise of the service brings to light the need for control and security, but not just around usernames and passwords but also around sensitive documents containing live information.
It surprises me that more people are not demanding simple encryption around passwords. It is apparent that we will continue to see these types of breaches in security and information, and as long as documents exist with live information unauthorized users may gain access to them.