
Thread: Security breach/compromise - 2012

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Dropbox - Password Breach Led to Spam

    FYI...

    Dropbox: Password Breach Led to Spam
    - https://krebsonsecurity.com/2012/07/...h-led-to-spam/
    July 31, 2012 - "Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site that got hacked... a statement released on its blog* this evening... says it has plans to roll out additional security measures that should help users protect their Dropbox accounts even if users (or employees, assumedly) lose account passwords, including two-factor authentication..."
    * http://blog.dropbox.com/index.php/se...-new-features/
    July 31, 2012 - "A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox... Our investigation found that usernames and passwords recently stolen from -other- websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts. A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam... we’re taking steps to improve the safety of your Dropbox even if your password is stolen, including:
    • Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
    • New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
    • A new page that lets you examine all active logins to your account.
    • In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time).
    At the same time, we strongly recommend you improve your online safety by setting a unique password for -each- website you use..."
    ___

    - http://h-online.com/-1657230
    1 August 2012

    - http://countermeasures.trendmicro.eu...red-questions/
    1 August 2012

    Last edited by AplusWebMaster; 2012-08-02 at 18:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...