Dropbox: Yes, we were hacked

Maybe this will put an end to all that “Dropbox of the Enterprise” talk by cloud storage providers.

On Monday night, Dropbox acknowledged that the spam mailings that began afflicting users a few weeks ago happened when hackers used passwords obtained from third-party sites to access “a small number” of Dropbox user accounts. The company called in outside experts to help its security pros, and here’s what they discovered, according to the Dropbox blog:

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

Dropbox also said it would start offering a two-factor authentication option in a few weeks and is providing a new web page that lets Dropbox account holders review accesses to their accounts.

The company also recommended that users select unique (and new) passwords for all their accounts to help bolster security, a suggestion that was met with some skepticism by commenters.

The post was met with skepticism and anger by some commenters. One wanted to know why a Dropbox employee had user email addresses to begin with. Others said there is no evidence that old passwords are inherently insecure, and still others pointed out that they always use unique passwords.

The situation is reminiscent of the LinkedIn security issue in June, as TechCrunch pointed out.

This is just the latest proof that cloud-deployed services are not immune from security — and other — snafus that impact any technology. But it’s a rude wake-up call to consumers who love the easy-to-use offerings and employ them without a ton of thought. The whole “Dropbox of the enterprise” meme started when dozens of companies touting IT-friendly cloud storage all glommed onto Dropbox’s huge popularity in the consumer market to position themselves. Dropbox claims 50 million users but is also flying into a headwind as Apple iCloud and other consumer-friendly options gain traction.

One comment on the site sums up the sentiment that must keep Dropbox executives up at night. Wrote commenter Albundy:

“I left the cloud world. Right now. BB dropbox.”



GigaOM