Yesterday, Dropbox admitted that it was “hacked.” Sort of. In fact, a number of users’ accounts on other websites were hacked, not their Dropbox accounts. Because those users used the same password on Dropbox (which is not smart, for reasons that should be obvious), the hackers were able to access their Dropbox accounts, too. One of the users in question was a Dropbox employee who (for some stupid reason) had an unencrypted document containing Dropbox users’ email addresses; those addresses then got a lot of spam.

Apart from the users whose accounts were compromised due to their own poor security practices, the only consequence of this breach is that some people got some extra spam.

Relatedly, Dropbox also announced new security measures, including two-factor authentication. The way this usually works is that, when you sign in, a code is texted to your phone, and you have to enter it along with your password to log in. Google has a similar system that I have been happily using for months (and you should, too).
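The two-step sign-in described above, sketched from the server's side as an added example (not Dropbox's or Google's code): a password reused from another breached site passes step 1 but cannot finish the login without the texted code. The class name, the 5-minute lifetime and the 5-guess limit are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # seconds a texted code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed per code (assumed value)

class TwoStepLogin:  # hypothetical name, for illustration only
    def __init__(self, clock=time.time):
        self.users = {}    # email -> (salt, password hash)
        self.pending = {}  # email -> [code digest, expiry time, attempts left]
        self.clock = clock

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._pw_hash(password, salt))

    def start_login(self, email, password):
        """Step 1: check the password; on success return the code to text."""
        record = self.users.get(email)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._pw_hash(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[email] = [digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # a real service passes this to its SMS gateway only

    def finish_login(self, email, submitted):
        """Step 2: accept the code once, before expiry, within the guess limit."""
        entry = self.pending.get(email)
        if entry is None:
            return False  # no password check has succeeded yet
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[email]  # expired or guessed too often
            return False
        entry[2] -= 1
        guess = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(digest, guess):
            del self.pending[email]  # single use: a replayed code fails
            return True
        return False
```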

In sum, although it’s definitely concerning that Dropbox would essentially leave any user data lying around unencrypted in the first place, it’s probably nothing to worry about. The only damage is extra spam, and Dropbox says it has patched the security hole. Plus, the new security measures should make your data even more secure in the future.
