Dropbox sends password change notification to some users
In a blog post today, Dropbox's VP of engineering Aditya Agarwal explained that the online storage company is addressing some key security concerns in the wake of some concerning incidents. Some Dropbox users saw a spike in spam messages to their registered email accounts over the past few weeks, which drove an internal investigation.
The spam emails turned out to be the result of a breach of an employee's Dropbox account, which contained a project file with some user contact information. The employee's account info had been stolen from a third-party website that was compromised -- which points out the necessity of having password diversity among your web service accounts, rather than using the same password for all of them.
To help protect against future security issues, Dropbox is implementing some policy and technical changes immediately, and also rolling out others over the next few weeks. Two-factor authentication is one of the future changes, similar to what Google has already implemented for Gmail accounts; users will be able to validate password changes with a separate fact or via a cellphone verification pass.
In the meantime, some Dropbox users who have never changed their password or who have an easily crackable password will be getting email reminders to change their password. These emails may appear suspicious, but they are coming from Dropbox (and you should double-check, should you receive one, that you're directed to a Dropbox reset page). When you pick a new password, you can make it extra secure by using a random generation system like Diceware -- endorsed by the makers of 1Password and XKCD alike.
Subscribe to Newsletter
Software Updatesmore updates
- Ember for Mac gains 'hugely-requested' screen recording feature
- Spotify update adds equalizer, refreshed Artist page and more
- Fantastical 2.1 for iOS adds new snooze, search and notification features
- ExpanDrive 4, more services and faster sync
- Apple adds iTunes Extras to Apple TV
- Spotify updates with new iPhone controls in time for summer BBQs