Ever wondered about the security of cloud based applications and services? If so, you’re not alone. It can be a bit disconcerting to relinquish full control of your business and trust all your information, business processes, or whole business to cloud providers. For the most part these services are secure, however, they have been hacked before, with the most recent attack in the last week of July.
The cloud service provider that suffered a security breach was Dropbox. While the company has taken steps to remedy this situation, some users had their information leaked before the problem could be solved.
What happened?
Dropbox made an announcement that hackers had stolen account information from another – undisclosed – website and used that information to log in to Dropbox accounts. One of the accounts happened to belong to a Dropbox employee who had other email addresses connected to Dropbox accounts stored in a document.
With the stolen account names, the hackers proceeded to send spam messages to users’ email addresses. Complaints from users about spam emails being sent to accounts that are only associated with Dropbox alerted the company to the problem. From information we’ve been able to obtain, it appears that the compromised accounts were mainly from users in Western Europe, and the UK.
Is Dropbox doing anything?
Dropbox is to be commended for a quick reaction. They alerted users as soon as they became aware of the issue, and announced two enhanced security measures on August 2. The first measure is two-factor authentication, most likely a password you enter that’s provided by SMS at the account activation stage. This measure should be in place very soon. The second measure is an account activity page which is available now and shows all the devices that have connected to your account.
As with any security breach, if you or your employees use Dropbox, you should take appropriate steps to change your passwords. To change your password, log in to Dropbox on your browser, select your account name from the top right of the page and click Settings. Select Security followed by Change password. You’ll also notice the devices or computers that have accessed your account here.
While this may seem like a big issue, Dropbox has handled the leak well and has taken appropriate steps to remedy the situation. Don’t let an issue like this sway your opinion on cloud services. If you’d like to learn more about how Dropbox and other cloud storage and service solutions can be integrated with your business please contact us.