Last night, news started coming in that Dropbox had been hacked and passwords had been leaked. However, the file-sharing service denies this and says that it was actually third-party sites that had been hacked, none of which affect its service or users.
The story first broke late last night, stating that Dropbox had been compromised after hackers managed to steal user passwords through a server breach. Those passwords were leaked online, and there was some concern that the files uploaded into Dropbox might have been fair game.
But Dropbox released a blog post this morning claiming that this isn’t true. Instead, they say that other sites were hacked and passwords were taken. The hackers then tried those passwords on a number of sites in an attempt to log in using the same credentials. One of the sites they tried was Dropbox.
Spokespeople for the service say that the issue has already been addressed, and most of the leaked passwords had already expired. Those that hadn’t have been reset, and while they did catch hackers trying to use the information, the attempts were not successful.
This does bring up an important issue, though: password security, on the part of the user.
Too many people reuse their passwords, even though experts have been urging them for years to use a different password for every site. So when one account is compromised, suddenly every account is under the same threat.
You can usually count on someone having a handful of the same accounts under their belt: Twitter, Facebook, Gmail, etc. These already offer a prime platform for a scam, such as claiming to need help and asking contacts for money on your behalf. But what about accounts tied directly to your finances, like Amazon, or eBay, or a myriad of other potentials?
One of the simplest and most important ways you can protect yourself is by using a different password for every account, and one that has no connection to you whatsoever. A random collection of upper and lower case letters, numbers and symbols will be impossible to crack.
If you are worried about forgetting the passwords – which is understandable – you can use a service like Passpack to keep them all in one place. That way, if you end up with a hacked account (as we all do from time to time), you won’t end up having to scramble to change every password across the web.