Have you ever wondered about the security of cloud based applications and services? If yes, you’re not alone. It can be a bit discerning to relinquish full control of your business and trust all your information, business processes or whole business to cloud providers. For the most part they offer a secure service, however, they have been hacked before, with the most recent service coming under attack in the last week of July.
The cloud service provider that had its security breached was Dropbox. While the company has taken steps to remedy this situation, some users had their information leaked before the situation could be solved.
What happened? Dropbox made an announcement that hackers had stolen account information from another – undisclosed – website and used that information to log in to Dropbox accounts. One of the accounts happened to belong to a Dropbox employee who had other email addresses connected to Dropbox accounts stored in a document.
With the stolen account names, the hackers proceeded to send spam messages to users’ email addresses. It was complaints from users about spam emails being sent to accounts that are only associated with Dropbox that alerted the company to the problem. From information we’ve been able to attain, it appears that accounts stolen were mainly in Western Europe, and the UK.
Is Dropbox doing anything? Dropbox is to be commended for a quick reaction. They let users know as soon as they found out and announced two enhanced security measures on August 2. The first measure is two-factor authentication, most likely a password you enter that’s provided by SMS at the account activation stage. This measure should be in place within the next couple of weeks. The second measure is an account activity page which is available now and shows all the devices that have connected to your account.
As with any security breach, if you or your employees use Dropbox, you should take appropriate steps to change your password. To change your password, log in to Dropbox on your browser, select your account name from the top right of the page and click Settings. Select Security followed by Change password. You’ll also notice the devices or computers that have accessed your account here.
While this may seem like a big issue, Dropbox has handled the leak well and taken appropriate steps to remedy the situation. You shouldn’t let an issue like this sway your opinion on cloud services. If you’d like to learn more about how Dropbox, or other cloud storage and service solutions can be integrated with your business please contact us.