Call this a learning moment. Dropbox, the popular cloud storage service, acknowledged on Tuesday that it has been compromised. The number of accounts that were compromised and what data might have been stolen is not known, or if it is, Dropbox is not saying.
So what is the lesson here? There are two:
- No matter what suppliers tell you, cloud storage is not, and most likely won’t be, completely secure.
- Users who still haven’t figured out that using one password on multiple sites is unwise are simply asking to be compromised.
The Dropbox hack started to come to light in mid-summer, when customers of the file storage service noticed that they were getting junk e-mail sent to email addresses they use only to access Dropbox. This was an apparent tip-off that the leak was inside Dropbox.
Once customers started to post complaints about the junk e-mail on a technology forum site, the company looked into it. As late as last Friday, the company stated it didn’t have proof of a hack. That story changed significantly when the company announced this in a blog post by Aditya Agarwal, its vice president of engineering:
“Our analysis discovered that passwords recently stolen using the company websites were utilised to register to a small number of Dropbox accounts. We have approached these customers and have also assisted them to safeguard their accounts.
“A stolen password seemed to be used to access an active Dropbox account that contains a task document with user emails. We feel this improper access is exactly what led to the junk e-mail. We are sorry about this, and have put additional controls in place to help make certain it does not happen again.”
Notice what’s happening here. On the one hand, the company is acknowledging that its security was poor. You can tell because further along in the post is a list of four actions that Dropbox took to shore up its unreliable security measures.
“Simultaneously, we highly recommend you enhance your online safety by setting a distinctive password for every website you utilize. Though it’s very easy to reuse exactly the same password on different websites, this means that if any one website is jeopardized, all of your accounts are at risk.”
The final point is a great one. I’ve got an officemate who keeps important texts and information in Dropbox, uses the same passwords again and again, and keeps track of them in a uuencoded document file. Her security strategy: “I do not title the file ‘passwords,’” she explained.
I won’t humiliate my friend by naming her, but she’s the type of user who paves the way for attackers. As the company points out, there are numerous tools you can use that will generate strong passwords and make it simple (and quite safe) to keep track of them. I personally use LastPass; Dropbox suggests 1Password.
The conclusion: Dropbox must forget that it’s hot and trendy and remember that it will not stay successful if it does not do a better job of keeping its customers safe. And customers need to behave like responsible grown-ups and take responsibility for their own security.