Security of cloud services is a common issue that keeps many small businesses from fully trusting in the cloud. While the developers of cloud services tout security, they have been proven to not be as secure as they should or need to be. Earlier last week, week of July 30, 2012, a major cloud storage provider had a security breach.
The cloud service provider that had its security breached was Dropbox. While the company has taken steps to remedy this situation, some users had their information leaked before the situation could be solved.
Dropbox made an announcement that hackers had stolen account information from another – undisclosed – website and used that information to log in to Dropbox accounts. One of the accounts happened to belong to a Dropbox employee who had other email addresses connected to Dropbox accounts stored in a document.
With the stolen account names, the hackers proceeded to send spam messages to users’ email addresses. It was complaints from users about spam emails being sent to accounts that are only associated with Dropbox that alerted the company to the problem. From information we’ve been able to attain, it appears that accounts stolen were mainly in Western Europe, and the UK.
Is Dropbox doing anything?
Dropbox is to be commended for a quick reaction. They let users know as soon as they found out and announced two enhanced security measures on August 2. The first measure is two-factor authentication, most likely a password you enter that’s provided by SMS at the account activation stage. This measure should be in place within the next couple of weeks. The second measure is an account activity page which is available now and shows all the devices that have connected to your account.
As with any security breach, if you or your employees use Dropbox, you should take appropriate steps to change your password. To change your password, log in to Dropbox on your browser, select your account name from the top right of the page and click Settings. Select Security followed by Change password. You’ll also notice the devices or computers that have accessed your account here.
While this may seem like a big issue, Dropbox has handled the leak well and taken appropriate steps to remedy the situation. You shouldn’t let an issue like this sway your opinion on cloud services. If you’d like to learn more about how Dropbox, or other cloud storage and service solutions can be integrated with your business please contact us.