For a company holding onto your files, especially if they are sensitive or important, that perception can almost be as important as the security itself. If user hacks start creeping out and spread across more and more of its user base, it can undermine the security - and perception thereof - of a company. While a broad password reset can carry some negative optics, requiring a password reset is generally the best practice to ensure that it can lock down its data and keep the service from getting further compromised. It’s not surprising that Dropbox would react this way to account credentials surfacing. During the 2012 incident, one Dropbox employee’s account was accessed with a project document that contained email addresses. In connection with the existence of the file, Dropbox is requiring its users to reset their passwords if they have remained unchanged. So far, Dropbox doesn’t believe that any accounts have been improperly accessed, the company said in a blog post. Dropbox earlier disclosed that usernames and passwords that were obtained in 2012 were used to access some accounts. That file pertains to passwords that were likely obtained in connection to the LinkedIn hack. While the information appears to have been taken from then and quietly held for some time, it is now surfacing, this person said.
Even though the data for these accounts is old, often passwords remain unchanged for long periods of time and are re-used across multiple accounts, leaving entire online identities vulnerable to hacks.ĭropbox’s intelligence team identified the existence of a file that contained hashed and salted passwords, according to a person familiar with the matter. In recent months, treasure troves of user credentials and passwords - in addition to a large MySpace hack disclosed in May - have been discovered. The action appears to be related to continued fallout over the massive hack on LinkedIn in 2012 where credentials for 117 million accounts were posted online.
Dropbox is requiring users who have not changed their passwords since mid-2012 to reset their passwords this afternoon.
0 kommentar(er)
