Dropbox Spam Attack Blamed on Employee Account Breach - stottpubbee1972
Dropbox said Tuesday one of its employee's accounts was compromised, leading to a tidy sum of spam last month that stung users of the cloud-depot service.
A purloined password was used to get at the employee's account statement, which contained "a project written document with user email addresses," Dropbox engineer Aditya Agarwal wrote on the company's blog.
"We believe this improper access is what led to the spam," Agarwal wrote. "We're sorry about this, and have put additional controls in place to help make sure it doesn't pass off again."
The company also found that usernames and passwords that had been stolen from other websites were used to access "a small phone number of Dropbox accounts," Agarwal wrote. Hackers commonly try on username and password combinations from breaches happening other web services in hopes people usance the same compounding, a common security trouble.
The spam, written in German, English and Dutch, publicized play websites and seemed to affect solely European users. Many of those users wrote on the company's forum they had used a alone email address solely for Dropbox, leading to suspicions the company had been hacked.
Dropbox brought in an outside security team to investigate, but maintained happening July 21 that information technology had found no intrusion of its internal systems or other compromised accounts.
In lighter-than-air of the rift, Dropbox aforementioned it plans in a few weeks to introduce two-factor authentication, such equally a system that would send on a temporary code to a person's phone.
Other planned upgrades include a new foliate that volition show logs of user account activity and other "automated mechanisms to assistanc identify suspicious activity," Agarwal wrote. Users may also be prompted to modify their password if it has not been changed in a yearn time.
Send newsworthiness tips and comments to jeremy_kirk@idg.com
Source: https://www.pcworld.com/article/460323/dropbox_blames_employee_account_breach_for_spam_attack-2.html
Posted by: stottpubbee1972.blogspot.com
0 Response to "Dropbox Spam Attack Blamed on Employee Account Breach - stottpubbee1972"
Post a Comment