Senior Online Safety - Dropbox compromise
Dropbox

Dropbox compromise explained.

The Dropbox compromise was, according to Dropbox, not caused by any deficiency in their service (Dropbox explains the compromise). They note it was caused by the compromise of a users’ USER ID / PASSWORD combinations, acquired elsewhere. Hackers acquire email addresses, userids etc., from entities which collect user information as part of their pay-wall or information access wall – it is how companies collect leads and know who is their customer/reader/constituent. Not all of these entities have thought about security, some not even a little. When an individual’s email/userid/password from one of these entities is compromised, the hackers go to work.

How the hackers work

One must remember, cyber-criminals aka hackers have substantial resources available to them, the more professional are members of the organized criminal syndicates and the solo-artist has access to tools, widgets and scripts from which to pull from any of the “dark web” criminal exchanges (the dark web is the unindex internet). These tools allow the hacker to scan applications across the internet to see what accounts open with combinations acquired through other means. If the user did NOT practice good cyber hygiene and reused the combination and did not have two-step authentication enabled, their Dropbox account opened up. When individuals reuse USER ID / PASSWORD combos, they are putting all their accounts in the trust of the company with the weakest security protocols.

[box type=”warning” align=”aligncenter” width=”300″ ]One password – One Account [/box]

What should users do?

  1.    Change their password to Dropbox to a unique password.  Dropbox instructions on changing passwords.
  2.    Enable two-step authentication with Dropbox. Dropbox instructions on 2-step authentication.
  3.    Inventory the third-party applications connecting which you are using and re-evaluate
  4.    Follow the doctrine of one-password/one-account (Senior Online Safety piece: Passwords and password management)
[divider]

Follow us on the social networks and receive all our updates

Senior Online Safety - FacebookSenior Online Safety - G-plusSenior Online Safety - TwitterSenior Online Safety - You Tube

[divider style=”double”][/divider]

Comments

comments