Unsafe password practices by Dropbox employee lead to spam scare – Sophos comments
IT security and control firm Sophos is reminding internet users of the importance of choosing different passwords across their online accounts, following reports of a password breach at popular cloud storage provider Dropbox.
Dropbox recently discovered that usernames and passwords stolen from other websites were successfully used to sign in to Dropbox accounts, suggesting that the affected users were using the same sign-in credentials for multiple online accounts. One compromised account belonged to a Dropbox employee and held a document containing the email addresses of Dropbox users.
Dropbox believes that this breach has led to the high level of spam received by some users. Dropbox is now taking steps to help affected users protect their accounts, and improve security as a whole*.
"The Dropbox incident underlines the necessity of having different passwords for every website," said Graham Cluley, senior technology consultant at Sophos. "As people pile more confidential information onto the web, hackers are being given a greater incentive to penetrate accounts. The frequency and severity of these data breaches is proving time and time again that users must make better efforts to protect themselves."
"If you are going to entrust sensitive data to Dropbox, my advice is that you should automatically encrypt it before sharing it with the service," continued Cluley. "That way anyone who raids your account won’t be able to make sense of what you have stashed in the cloud anyway. Businesses are waking up to the need to use automatic and invisible encryption alongside their cloud storage – protecting users who make use of services such as Dropbox."
For more information on the Dropbox breach and for further advice regarding passwords visit Sophos’s Naked Security site at: http://nakedsecurity.sophos.com/2012/08/01/dropbox-data-breach
Graham Cluley is available for comment at +44 (0)1235 544114 or +44(0)7990552181
Follow Graham Cluley on Twitter: http://twitter.com/gcluley
* http://blog.dropbox.com/index.php/security-update-new-features
About Sophos
One hundred million users in 150 countries rely on Sophos to protect themselves against data breaches and data loss. The product range consists of data security solutions for encryption, endpoint security, web, email and network access control that are easy to manage, deploy and use, with the industry's lowest total cost. Everything is backed by SophosLabs, a global network of data security centres that meticulously tracks the evolution of the threat landscape. Sophos has won many awards and, with just over twenty years of industry experience, is widely regarded by leading analyst firms as a world leader in its field.
The head office is in Boston, USA. The regional office in Kista, outside Stockholm, is responsible for the Nordic and Baltic countries. For more information, see www.sophos.com