Dropbox sends password change notification to some users
In a blog post today, Dropbox's VP of engineering Aditya Agarwal explained that the online storage company is addressing some key security concerns in the wake of some concerning incidents. Some Dropbox users saw a spike in spam messages to their registered email accounts over the past few weeks, which drove an internal investigation.
The spam emails turned out to be the result of a breach of an employee's Dropbox account, which contained a project file with some user contact information. The employee's account info had been stolen from a third-party website that was compromised -- which points out the necessity of having password diversity among your web service accounts, rather than using the same password for all of them.
To help protect against future security issues, Dropbox is implementing some policy and technical changes immediately, and also rolling out others over the next few weeks. Two-factor authentication is one of the future changes, similar to what Google has already implemented for Gmail accounts; users will be able to validate password changes with a separate fact or via a cellphone verification pass.
In the meantime, some Dropbox users who have never changed their password or who have an easily crackable password will be getting email reminders to change their password. These emails may appear suspicious, but they are coming from Dropbox (and you should double-check, should you receive one, that you're directed to a Dropbox reset page). When you pick a new password, you can make it extra secure by using a random generation system like Diceware -- endorsed by the makers of 1Password and XKCD alike.
To help protect against future security issues, Dropbox is implementing some policy and technical changes immediately, and also rolling out others over the next few weeks.
Subscribe to Newsletter
Software Updatesmore updates
- Readdle rolls out PDF Expert 5: iCloud support, shared folder with Documents by Readdle
- FlightTrack 5: new look and features just in time for holiday travel
- HBO Go for iOS update adds Google Chromecast support
- Haiku Deck updates iPad app, launches web-based cloud version
- Weather Underground iPhone app gets crowdsourced weather, iOS 7 style
- Apple updates iMovie, adds support for older Macs