The habit of using the same username and password combination for multiple sites has come around to bite Dropbox and its users. Network intruders who came into possession of name/password combos from other sites tried them out on Dropbox and were able to break into many users’ accounts — including the account of a Dropbox employee, which led to a deluge of spam.
Dropbox says reused passwords are to blame for a wave of spam that’s hitting subscribers to the service.
The company found that usernames and passwords recently stolen from other websites were used to sign in to some Dropbox accounts. One of these accounts belonged to a Dropbox employee, and it contained a project document with some users’ email addresses.
This improper access led to the spamming of many users, Dropbox said.
The company has taken various steps to improve security, including the coming introduction of two-factor authentication.
“The downside of not having more rigorous access controls in place around sensitive data is that they can be compromised,” Todd Thiemann, senior director of product marketing at Vormetric, told TechNewsWorld. “Dropbox appears to have learned that the hard way.”
Read More via Technology News: Network Intrusion: Hackers Use Stolen Passwords to Jimmy Into Dropbox.