Dropbox confirms it was hackedCloud storage service admits security leak

01 August 2012

Dropbox hacked

Dropbox has admitted that it has been hacked and a series of user email addresses have been acquired by spammers.

Dropbox is a cloud storage service, allowing users to save files on its servers and access them through the internet through an app for computers and smartphones.

Users of the service had started complaining that the email addresses they used with the service had started to receive spam emails and after investigating the service has confirmed that there has been a security leak.

For more information about security breaches and advice on the measures to help protect yourself read our guide to online safety.

How did it happen?

According to Dropbox the passwords were leaked when an employee's account was accessed with a password stolen from a third party site. Hackers were then able to access a document that included users' email addresses.

Do I need to change my password?

Dropbox has said it has contacted affected users and helped them protect their accounts, but as a precaution Which? recommends Dropbox users should change their passwords. For help choosing a new password read our guide to creating the perfect online password.

What is Dropbox doing about the leak?

As a result of the leak, Dropbox is introducing a series of new security measures. These include:

  • Two factor authentication - users will have the option to require two proofs of identity (such as a password and a temporary code sent to a mobile phone) when signing in.
  • Automated mechanisms to help identify suspicious activity.
  • A new page that lets users examine all active logins to their account.
  • Users will be asked to change their passwords if they are commonly used or have not been changed recently

The service is also encouraging users not to use the same password with multiple services as this leaves all accounts at risk if one is compromised.

More on this...