Any Dropbox user who signed up for the service in mid-2012 or earlier and hasn’t changed their password since, has had it reset this week, following the news that the cloud storage provider suffered a security breach compromising 68 million user passwords. Oopsie!
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” reads an article from the Dropbox Help Center.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users. We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts,” said Patrick Heim, Head of Trust and Security for Dropbox for Motherboard.
What you may not know is that the 2012 leak was caused by a Dropbox employee reusing a LinkedIn password that had been hacked previously. The culprits then used the same login credentials to access the that employee’s Dropbox account “containing a project document with user email addresses”, as the initial disclosure from 4 years ago reads.
Here at pCloud, we don’t have a “Trust and Security” department. What we have is the understanding of the incredible importance of online security, and the mission to educate each and every pCloud employee, and all of our existing and potential clients about that.
Why do we do this? Because no matter how hard we work to achieve technological excellence in encryption and online privacy protection, we see the human factor recurring again and again and again.
As we recently pointed out, a 25% of all data breaches in 2015 were caused by а human error, and 1 in 3 smartphones have no locksreen passwords or codes. This is quite concerning, given that we are speaking of technology that is available and accessible for anyone.
It takes a couple of taps to activate phone lockscreen.
It takes about a minute to activate 2-step authentication.
It takes a less than a minute to come up with a password that is complex enough to be hacked yet easy enough to remember.
It takes less than a minute to come up with another such password to use for another service so you don’t reuse passwords.
It is true that Dropbox team has done everything in their power to reset the passwords of any user possibly affected by the breach – but the fact remains, these actions are reactive.
What we do at pCloud is be proactive – and make sure that client-side encryption is in available to anyone in order to protect their data in the cloud.
It takes just a few seconds to sign up for an encryption service like pCloud Crypto. And you have no reason not to do so.
Here is a list of best Dropbox alternatives and best cloud storage services.