Online storage tool not so secure after all

Dropbox, a popular program for storing large amounts of data online, recently admitted that some of its user’s accounts had been compromised.

It may be time to seek out another option for saving videos, movies and other important files. Dropbox, a popular program for storing large amounts of data online, recently admitted that some of its user’s accounts had been compromised.

This time, according to the company’s blog, account information stolen elsewhere was used to get into Dropbox accounts. Of particular concern, the password to an account belonging to a Dropbox employee was stolen. This revealed a list of the email addresses of Dropbox users, and this is how the company said some of its users started to receive spam emails.

The relevant issue here is duplicate password use. When users have the same password and login information across multiple sites it means a security breach at one site has a ripple effect in the online world.

“The Dropbox incident underlines the necessity of having different passwords for every website,” Graham Cluley, a technology consultant, said to InformationWeek. “As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts. The frequency and severity of these data breaches is proving time and time again that users must make better efforts to protect themselves.”

Dropbox’s response
This is certainly not an isolated issue to arise. Eric Doerr, Microsoft’s group program manager, wrote in a July blog post that about 20 percent of all Windows Live accounts are compromised as a result of duplicate password use. According to one online survey, 48 percent of respondents said they use four passwords or less.

Even though password reuse was at the heart of Dropbox’s recent security issue, Aditya Agarwal, the company’s vice president of engineering, outlined in a blog post additional security measures. He said Dropbox will now have a two-layer identity authentication process plus new automated messages to go out after suspect activity is detected. In addition, Dropbox will now offer a page to let users examine all of their login information, and will require a password change in select situations.

Some cybersecurity experts think Dropbox should have done more to prevent such an issue. According to InformationWeek, the compromised employee should not have had so many email addresses in his account, especially if the person was using the same login information across multiple websites. In addition, experts suggest that Dropbox should not have sent an email urging a user to reset a password since that kind of message can be perceived as spam.

Even with a variety of additional security measures, Cluley urged caution when using online tools like Dropbox.

“If you are going to entrust sensitive data to Dropbox, my advice is that you should automatically encrypt it before sharing it with the service,” he said. “That way anyone who raids your account won’t be able to make sense of what you have stashed in the cloud anyway.”

Has duplicate password use now become a major cybersecurity issue? What layered security do you use to prevent hackers when using cloud-based sites like Dropbox?

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.