Friday, August 3, 2012

Dropbox is the latest tech company to have fallen victim to a security breach, and there’s a good chance your account is at risk.

But unlike recent hacks on sites such as Yahoo, LinkedIn and eHarmony, account names and passwords weren’t posted online, making it more difficult to check via a tool if yours was compromised.

The good news is that Dropbox has taken steps to notify affected users via email about the incident and has urged them to change their passwords immediately. The bad news is that just because you changed your Dropbox password doesn’t mean other accounts that use the same password, from Facebook to Gmail, are safe.

Before we walk you through how to protect your account, here’s a rundown of what happened.

Dropbox Hacked

The cloud-based, file-sharing company said in a blog post on Tuesday that news about the breach started about two weeks ago when users said they received spam at email addresses used only for Dropbox.

“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” Dropbox wrote. “We’ve contacted these users and have helped them protect their accounts.”

The company discovered that an employee’s account was compromised and the hacker obtained improper access to the site, which led to spamming the accounts of members.

“We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again,” the company said. “Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen.”

To prevent this from happening again, Dropbox is rolling out a series of initiatives to enhance the site’s security. For example, it will be implementing two-factor authentication in the coming weeks, which requires two proofs of identity, such as your password and a temporary code sent to your phone, when signing in.

In addition, Dropbox will be adding new automated mechanisms to help identify suspicious activity, as well as a page that lets you examine all active logins to your account. The company said, in some cases, it might ask users to change their password if it’s commonly used or if it hasn’t been updated in a while.

Maximum Security

This may sound simple, but it’s critical to change your Dropbox password now if you haven’t already. To do so, click here and follow the instructions.

To make sure your Dropbox password or any account is secure, it’s imperative to set a unique password for each website you use.

“Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk,” Dropbox warns users.

There are ways to be proactive about your online security without spending too much time and energy doing so. Password manager tools such as LastPass and 1Password help you manage strong passwords across multiple sites.