|Dropbox Employee's Unsafe Password Practices Leads to Spam Scare - Sophos
IT News Online Staff
Sophos, the IT security and data protection firm, is reminding Internet users of the importance of choosing different passwords across their online accounts, following reports of a password breach at the cloud storage provider Dropbox.
Dropbox recently discovered that usernames and passwords stolen from other Web sites were successfully used to sign in to Dropbox accounts, suggesting that those users affected were using the same sign-in credentials for multiple online accounts.
One compromised account belonged to a Dropbox employee, and contained a document containing the email addresses of Dropbox users.
Dropbox believes that this breach has led to the high level of spam received by some users. Dropbox is now taking steps to help affected users protect their accounts, and improve security as a whole.
Graham Cluley, Senior Technology Consultant, Sophos, said, "The Dropbox incident underlines the necessity of having different passwords for every Web site. As people pile more confidential information onto the Web, hackers are being given a greater incentive to penetrate accounts. The frequency and severity of these data breaches is proving time and time again that users must make better efforts to protect themselves."
"If you are going to entrust sensitive data to Dropbox, my advice is that you should automatically encrypt it before sharing it with the service. That way anyone who raids your account won't be able to make sense of what you have stashed in the cloud anyway. Businesses are waking up to the need to use automatic and invisible encryption alongside their cloud storage - protecting users who make use of services such as Dropbox," said Cluley.