Dropbox has been trying to move into the enterprise more and more recently but was recently set back in its efforts thanks to a recent spam attack that originated from a breach in an employee’s account. Dropbox confirmed this week that a stolen employee password was the cause of the theft of a project document last month.
The document contained user email addresses which the hacker then used to spam European users of the service with ads for gambling websites. While trying to learn more about it investigating the incident, Dropbox found that usernames and passwords stolen from other websites were used to access a smaller number of Dropbox accounts, which indicates that account holders were using their credentials on multiple sites.
Even though some Dropbox users claimed that they use different login information for other sites, Dropbox claims that its investigation showed that the site’s internal systems had not been hacked. Regardless, this attack has not helped the company in its efforts to be seen as more than just a free, consumer-oriented service.
As a result of the breach, Dropbox has confirmed that it will increase security for users and employees. The company plans to introduce a number of new controls, including two-factor authentication in which a temporary code would be sent to a user’s mobile phone.
In addition to that, Dropbox plans on upgrading with a new page that shows logs of users’ activity as well as other automated mechanisms for identifying suspicious activity. Dropbox is also may start prompting users to change passwords that have been in use for a long time.
These changes for Dropbox should improve security for user accounts while other companies, like Google, Facebook and Microsoft, have already implemented many of these same features for their users. As an added precaution, anybody who uses cloud-based storage, like Dropbox, should rely on tools available from security vendors that encrypt data before it is stored on the cloud.
Source: PC World – Dropbox Gets a Black Eye in Spam Attack