Yet another massive user ID and password leak. This time it affects about 7 million Dropbox users, even if Dropbox denies they were hacked. As usual, such a hack means that the data these users have stored in Dropbox is in jeopardy. It also means that those who use the same ID and password on many services have much bigger troubles. Let’s see what we can learn from this:
1. Always use unique passwords on the services you use. This does not prevent password leaks, but it limits the damage when a leak occurs.
2. Be alert and change your password as soon as you hear about a leak like this. Right now, we don’t know which users are affected. But if you have an old and weak password, it’s a good idea to change it NOW anyway. Changing it one time too many is better than having your confidential data all over the Internet.
3. Pay attention to the security awareness of the cloud providers you use. This may not have been Dropbox’s fault, but it could have been. This is a good opportunity to mention our own younited, which is built with security in mind from the ground up. By the way, Edward also thinks you should consider alternatives to Dropbox.
4. Dropbox claims this leak happened in some other service that connects to Dropbox. This is a plausible explanation, and it reminds us about the danger of connecting services to each other. If you enter the password of any service into another service, you must ask yourself two questions: Will this company refrain from misusing my data? And does this company protect my password sufficiently? By replicating the password to several places you increase the risk that it leaks out. Don’t do that unless you get a significant benefit and trust all places where the password is stored.
5. Two-factor authentication is a great feature that increases security. Use it whenever possible.
6. It should by now be clear that massive password leaks of this kind aren’t rare incidents. We see a constant stream of these, and there are probably many leaks that remain unnoticed, or are noticed but stay out of the headlines. We all have to realize that a leak like this will hit us sooner or later. Sorry for sounding like a broken record, but if you still have the same password on several services, you should be busy changing them by now.
Guest Blogger: Micke, from F-Secure
We write about our real-life experiences and try to give you helpful tips on security issues, whether it be safe online shopping, ensuring that you don’t lose precious digital photos or making sure your kids don’t get exposed to inappropriate content. We are F-Secure, a company with over 20 years’ experience in Internet security. Visit F-Secure’s Safe & Savvy blog.