Dropbox Adding New Security Features Following Email Leaks

The bad news: Dropbox has admitted to some security issues, including a handful of hijacked user accounts. The good news: there are enhanced security options on the way.

Here's the official word from Dropbox:

[We] found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again.

If you've been receiving new, suspicious spam in your inbox, Dropbox could possibly be the culprit. (To be clear, it appears that no passwords were leaked.)

To improve its security, Dropbox is adding two useful user-facing features:

  • Two-factor authentication is coming to Dropbox, reportedly in a few weeks. If you're not familiar with two-factor authentication, read our primer on why you should use it.
  • A new Account Activity page shows you all the "computers, phones, and tablets that have access to your Dropbox". This is available now.

Dropbox doesn't appear to be providing any way to check if your email may have been included in the leak.

Security update & new features [Dropbox Blog]


    Isn't even a worse security issue if accounts were hijacked WITHOUT a password leak?

    So you're saying that you're more comfortable with your password being leaked...?

    Still more secure and redundant than having your files on a physical storage device at home or office. You can encrypt or password protect sensitive files you upload to Dropbox. Honestly, what are people uploading there?

Join the discussion!

Trending Stories Right Now