After investigating complaints from its users getting crazy amounts of spam, Dropbox has announced that emails and passwords stolen from third-party websites have been used to hack into existing Dropbox accounts.
One of the breachеd accounts is a Dropbox employee’s and it happened to contain some project files with a number of Dropbox client email addresses. Hence the spam spree.
To fight back, Dropbox will be introducing new security measures to protect its users from such attacks. Here are the future features the company plans to implement:
- Two-factor authentication – a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
- New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
- A new page that lets you examine all active logins to your account.
- In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)
Don’t worry, passwords haven’t leaked out, but it’s a good idea to change your Dropbox password just in case.
Source | Via