No Dropbox Hack, but Account Info, Passwords Leaked

Cloud storage provider Dropbox has denied that it was hacked, following the posting of account information and passwords for hundreds of Dropbox accounts online earlier this week.

What was initially reported as a hack in which almost 7 million Dropbox accounts were compromised seems now to be limited to only a few hundred accounts. In a statement reported by ZDNet, Dropbox claims that the emails, addresses, and passwords associated with these accounts were stolen "from an unrelated service" and not from Dropbox itself.

Fortunately for Dropbox users, the data breach was less widespread than initially feared. Nevertheless, what do consumers need to be aware of when it comes to the security of their online accounts?

Your Password May Not be as Secret as You Think

Although you may have selected only something you would know as the password to one or more of your online accounts, there's a good chance that if that password has been in use for more than a year or two it may no longer be safe, especially if that same password is in use across multiple online accounts.

The email addresses and passwords posted by hackers in the latest purported hack were most likely culled from previous data breaches involving other websites. For example, in 2013 researchers discovered a database of 2 million stolen login credentials associated with Facebook, Twitter, Google, LinkedIn and other web services. If your email address/password combination was compromised in that hack, or any other of the litany of hacks on major web services over the past several years, it may be used to access other services using that same combination.

How to Improve Your Password Security

When it comes to password security, following a few small steps can prevent hackers from gaining access to your online accounts:

• Use passwords that are hard to guess and that include lower and upper-case letters as well as numbers and symbols;
• Change passwords often;
• Use different passwords for different services; and
• Use two-step verification, which makes users logging into to an account enter a second code or passphrase sent by text message to a mobile phone.

Increasingly, web services such as Dropbox are also building in features that detect suspicious log-in attempts. In this case, Dropbox said it detected attempts to access accounts compromised by hackers and reset the passwords to the affected accounts.

Related Resources:

• Hundreds of Dropbox passwords leaked online but Dropbox denies it was hacked (The Next Web)
• 3 Tips to Protect Your Privacy on Snapchat (FindLaw's Common Law)
• New 'Dropbox for Business' Raises Legal Concerns (FindLaw's Free Enterprise)
• 7 Simple Steps to Protect Your Online Privacy (FindLaw's Law and Daily Life)