FYI...
Dropbox: Password Breach Led to Spam
- https://krebsonsecurity.com/2012/07/...h-led-to-spam/
July 31, 2012 - "Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site that got hacked... a statement released on its blog* this evening... says it has plans to roll out additional security measures that should help users protect their Dropbox accounts even if users (or employees, assumedly) lose account passwords, including two-factor authentication..."
* http://blog.dropbox.com/index.php/se...-new-features/
July 31, 2012 - "A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox... Our investigation found that usernames and passwords recently stolen from -other- websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts. A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam... we’re taking steps to improve the safety of your Dropbox even if your password is stolen, including:
• Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
• New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
• A new page that lets you examine all active logins to your account.
• In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time).
At the same time, we strongly recommend you improve your online safety by setting a unique password for -each- website you use..."
___
- http://h-online.com/-1657230
1 August 2012
- http://countermeasures.trendmicro.eu...red-questions/
1 August 2012