Password re-use is a major no-no for important services. The company says it has plans to roll out additional security measures that should help users protect their Dropbox accounts even if users (or employees, assumedly) lose account passwords, including two-factor authentication (Dropbox says this will be coming “in a few weeks”), and new automated mechanisms to help identity suspicious activity, as well as a page that lets users examine all active logins. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.Ī Dropbox spokeswoman said the company is not ready to disclose just how many user account credentials may have been compromised by this password oops, noting that the investigation is still ongoing.
We believe this improper access is what led to the spam. We’ve contacted these users and have helped them protect their accounts.Ī stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. In a statement released on its blog this evening, DropBox’s Aditya Agarwal wrote: Today, the company confirmed that suspicion, blaming the incident on a Dropbox employee who had re-used his or her Dropbox password at another site that got hacked. And you’re coming from LastPass, which now forces free users to choose between LastPass on desktop or mobile, the 50-password limitation may be a fair tradeoff for Dropbox’s multi-platform support.Two weeks ago, many Dropbox users began suspecting a data breach at the online file-sharing service after they started receiving spam at email addresses they’d created specifically for use at Dropbox. Still, the average person may not need to store more than 50 passwords.
The 50-password limitation for free users is, of course, arbitrary.
Free users also miss out on Dropbox Vault, which is only available for Dropbox Plus subscribers. Those who pay a monthly fee for Dropbox can use the service to store an unlimited number of passwords on an unlimited number of devices, though free users are stuck with just 50 passwords on 3 devices. While it only supports 50 passwords on 3 devices, the free version of Dropbox Passwords may be a better option for lightweight web users than a paid password manager or the open-source Bitwarden client.ĭropbox Passwords, which debuted for paid subscribers in August 2020, works on web, mobile, and desktop platforms. Still looking for an alternative to LastPass? Come April, free Dropbox Basic users will gain access to the platform’s built-in password manager.
0 kommentar(er)
