A few weeks ago, we told you about a spam attack that was targeting Dropbox email addresses. Dropbox has never had security problems, and the attack was considered an unfortunate stain on an otherwise perfect company record.
However, it was revealed today that the Dropbox data leak was not anywhere near as serious as originally thought. Although it first appeared that hackers were able to gain access to personal user data saved on the Dropbox servers, this isn’t actually the case.
Instead, a Dropbox employee got careless with their files and left an unprotected project document filled with user emails on his computer. Unfortunately, the data was not encrypted, making it easy for the hacker to steal the user data.
After stealing the user email addresses, the hacker was able to send hundreds (even thousands) of spam messages to each address. It didn’t take long for Dropbox users to realize that something was amiss.
Dropbox is taking action against the issue, but really, it comes down to forcing users to choose more secure passwords. New data leaks are occurring on a near-daily basis, and you can’t make it easy for hackers by using the same password across all your accounts – which is apparently what the Dropbox employee did.
Instead, use different passwords for Facebook, Twitter, your email address, and any other accounts. Use a tool like 1Password to keep track of all your password data. That way, if one account is compromised, the rest of your accounts won’t be dragged down with it.
Read the full story on the Dropbox blog