In a blog post yesterday, Dropbox confirmed that its security has been breached. Apparently, some users were receiving spam at the email addresses they used for their Dropbox accounts.
“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.” Additionally, it was discovered that “a stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.”
Of course, the Dropbox team has contacted the affected users and taken additional steps to ensure such an issue doesn’t happen in the future.
The following steps are being implemented:
- Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
- New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
- A new page that lets you examine all active logins to your account.
- In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
Regardless, we advise our readers to go ahead and change their Dropbox passwords immediately, just in case.