Dropbox plans on introducing two-factor authentication and other security measures in the wake of a breach.
The cloud-storage company first became aware of the breach when users complained of spam flooding email addresses linked to their Dropbox accounts. “Our investigation found that usernames and passwords recently stolen from other Websites were used to sign in to a small number of Dropbox accounts,” read a July 31 posting on The Dropbox Blog. “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses.”
That access to the employee account “is what led to the spam.” According to the posting, Dropbox reached out to the users whose accounts had been breached “and have helped them protect their accounts.”
For everyone else, Dropbox is introducing some additional security measures, including optional two-factor authentication, which should arrive “in a few weeks.” That mode of authentication requires the user to input two proofs of identity, often their password and a numerical code sent to their phone via text.
Dropbox also claims it will institute new “automated mechanisms” to identify suspicious activity, along with a new page that allows users to examine active logins to an account. The latter seems reminiscent of other cloud services such as Gmail, which let the user view the time, location, and access type of the last login. Users who haven’t logged into the system for some time, or have a commonly used password, may be asked to change their password.
“At the same time, we strongly recommend you improve your online safety by setting a unique password for each Website you use,” the blog concluded. “Though it’s easy to reuse the same password on different Websites, this means if any one site is compromised, all your accounts are at risk.”
Dropbox recently decided to revamp its offerings, with more storage available for the same price, in a bid to remain competitive against Google Storage, Apple’s iCloud, and Microsoft’s SkyDrive. For all those companies, the potential rewards are truly epic: research firm Gartner recently predicted that consumers will store more than a third of their digital content in the cloud by 2016. That’s a significant bump from 2011, when an estimated 7 percent of consumer content was stored in the cloud.
As illustrated by this password breach, however, cloud-based storage comes with its own brand of security risks. In light of that, companies such as IBM have opted to ban services such as Dropbox and Apple’s iCloud from corporate use.