Unsafe password practices by Dropbox employee lead to
Dubai, United Arab Emirates, August 2, 2012 - IT security and control firm Sophos is reminding internet users of the importance of choosing different passwords across their online accounts, following reports of a password breach at popular cloud storage provider Dropbox.
Dropbox recently discovered that usernames and passwords stolen from other websites were successfully used to sign in to Dropbox accounts, suggesting that the affected users were using the same sign-in credentials for multiple online accounts. One compromised account belonged to a Dropbox employee and held a document containing the email addresses of Dropbox users.
Dropbox believes that this breach has led to the high level of spam received by some users. Dropbox is now taking steps to help affected users protect their accounts and to improve security as a whole.
"The Dropbox incident underlines the necessity of having different passwords for every website," said Graham Cluley, senior technology consultant at Sophos. "As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts. The frequency and severity of these data breaches is proving time and time again that users must make better efforts to protect themselves."
"If you are going to entrust sensitive data to Dropbox, my advice is that you should automatically encrypt it before sharing it with the service," continued Cluley. "That way anyone who raids your account won't be able to make sense of what you have stashed in the cloud anyway. Businesses are waking up to the need to use automatic and invisible encryption alongside their cloud storage - protecting users who make use of services such as Dropbox."
For more information on the Dropbox breach and for further advice regarding passwords visit Sophos's Naked Security site at:
Follow Graham Cluley on Twitter: http://twitter.com/gcluley