Dropbox details security breach that caused spam attack
Published: 1st Aug 2012 14:33:57
Online storage service Dropbox has given details of a security breach that led to many of its members receiving unsolicited emails.
A stolen password had been used to access an employee's accounts allowing a "project document" containing user emails addresses to be copied, it said.
The US company added that usernames and passwords stolen from other sites had also been used to sign in to some of its members' accounts.
It has adopted new security measures.
These include automated systems to spot suspicious activity and a new page allowing users to examine earlier log-ins to their account.
It has also advised users to create a unique password for each internet site and service they sign up to, and is offering its members the option to use two-factor authentication - which could involve using both a password and a code texted to their phone to gain access.
The problem came to light last month after hundreds of its users complained they had received unsolicited email via the addresses they had registered their Dropbox account to.
The firm said at the time that it had called in a third-party to investigate.
Dropbox declined to reveal how many of the accounts had been compromised. Its site says it has more than 50 million users and is installed onto 250 million devices.
The security company Sophos branded the breach "a mixture of poor practice both inside and outside the organisation".
Several of the storage site's users also expressed concern. Some questioned why their details had been stored in an insecure location.
"What was a staff member doing with user's email addresses in such a way?" asked one user on the comments section of Dropbox's blog.
"If you had any regard for the privacy of your users you keep those addresses where they belong: locked away in a database," wrote another.
The problem comes at a challenging time for the firm. Google recently launched Drive - its own online storage service offering more "free" space to new sign-ups who only apply for a basic service.
Amazon's Cloud Drive also offers US customers 5GB of free storage, compared with Dropbox's 2GB, although the latter's members can boost their capacity by referring friends.
Microsoft is promoting its rival Skydrive service by integrating it into its new Outlook.com webmail product. Apple has introduced iCloud storage to Mac owners who have downloaded its latest system. And other start-ups, including SpaceMonkey and Owncloud, are offering storage solutions that avoid risks involved with uploading material to external cloud servers.
"The fact that this isn't the first time that Dropbox has been stung by a security breach is a cause for concern for both its corporate and consumer customers," Chris Green, principal technology analyst at Davies Murphy Group Europe told the BBC.
"The online storage market has become much more competitive since it launched in 2008.
"What Dropbox has in its favour is its size and - despite the breaches - it retains a lot of goodwill. But this is yet another example that cloud storage is still not trustworthy enough for critical and sensitive information."
At 12:03:10 in Northern IrelandA polling station may have to be moved because of a One Direction concert taking place during elections in the Republic of Ireland.
At 12:02:40 in WalesA man who admitted killing a Cardiff teenager whose remains were found wrapped in carpet 25 years ago has been invited to appeal his conviction.
At 11:59:51 in EnglandA decision to scrap pensions for councillors in England has been described as "a kick in the teeth" by the Local Government Association (LGA).
At 11:58:28 in WalesDozens of firefighters have been tackling a large blaze at a town centre shop which has led to neighbouring premises being evacuated.
At 11:56:45 in SportBolton midfielder Stuart Holden will be out of action for six to nine months following a knee operation.
At 11:56:13 in EnglandThe AstraZeneca site in Cheshire is to be sold to a Greater Manchester-based consortium, it has been announced.
At 11:56:12 in ScotlandScots boxing promoter Barry Hughes has been jailed for 43 months for mortgage fraud and money laundering offences.
At 11:47:41 in HeadlinesNine men have been arrested over the stabbing of veteran journalist Kevin Lau, Hong Kong police say.
At 11:47:29 in BusinessAt least 54,000 homes in the UK will not now be insulated as a result of changes to energy bills, the Labour Party has claimed.
At 11:45:01 in EnglandTwo Greater Manchester Police (GMP) officers are to face a gross misconduct hearing over the death of an unarmed PC who was shot in a training exercise.
Harvard CitationBBC News, 2012. Dropbox details security breach that caused spam attack [Online] (Updated 1st Aug 2012)
Available at: http://www.ukwirednews.com/news/1443939/Dropbox-details-security-breach-that-caused-spam-attack [Accessed 12th Mar 2014]
News In Other Categories
With the doors to its brand new £1million training centre officially open, one of the UK's leading apprentice training providers, Bristol based S&B Automotive Academy, is showcasing its world-class facilities by launching a series of foreign student exchanges for the first time in its 41-year history. To get a flavour of what life is like as an apprentice in the UK, the Academy hosted 16 apprentice engineers and bus drivers from the G9 Automotive College in Hamburg, Germany, as part of a Europe-wide vocational training initiative called the ‘Leonardo Programme’ with support from the European Social Fund. In a reciprocal arrangement, S&B will be sending nine apprentices to Germany during February 2012 so that they can get an appreciation of life in the automotive industry on the Continent. A further three German exchange groups are being planned for next year. Designed to assist the development of vocational skills and training across Europe, including work placements for trainees, the Leonardo Programme has a budget of €1.75bn, which is helping to encourage UK organisations to work with their counterparts abroad. In what is expected to be another challenging year for employers in the UK automotive sector, S&B’s Chief Executive, Jon Winter, claims that the exchange initiative will bring many benefits to the Academy and its apprentices: “In a world of global automotive brands, it’s important for our learners to understand the international context of the industry they have chosen to make their career. This new exchange programme will enable apprentices and Academy staff alike to achieve a better understanding of the challenges and opportunities within the automotive arena in Europe. With the Academy’s influence also extending to the USA and Asia, there’s every possibility that this initiative could move further afield in the future.” Continued Winter: “The need for skilled technicians across the world is on the increase and we actively encourage our apprentices to look at broader horizons during their training. Many of them have already learned the phrase ‘Vorsprung durch Gelehrtheit’, quite simply, ‘Advancement through learning.” In the 2010/11 academic year, S&B doubled the number of successful Apprenticeships over the previous year with some 350 apprentices graduating from the Academy. At the same time, achievement levels reached an all-time high with an overall success rate of 85%. For those learners on the Advanced Apprenticeship three-year programme, success rates were even higher, at over 98%. PHOTO CAPTION: As part of their exchange visit, S&B Automotive Academy arranged for the German apprentices to visit Hampshire bus operator, Bluestar, at its Barton Park depot. The students are pictured with S&B’s Andy West (3rd right) and Steve Prewett, Bluestar’s Area Engineering Manager (2nd right). Ends http://www.sandbaa.com
Broadcaster Chris Tarrant is recovering in hospital after suffering a "mini-stroke" while flying from Bangkok to London earlier this month.
A man who admitted killing a Cardiff teenager whose remains were found wrapped in carpet 25 years ago has been invited to appeal his conviction.
Nine men have been arrested over the stabbing of veteran journalist Kevin Lau, Hong Kong police say.
At least 54,000 homes in the UK will not now be insulated as a result of changes to energy bills, the Labour Party has claimed.
The survivor of a serious motorbike accident has had pioneering surgery to reconstruct his face using a series of 3D printed parts.