Block on Trump's Asylum Ban Upheld by Supreme Court
OK, reality check: All those headlines and stories claiming Dropbox was "hacked" contain a false statement and a misleading omission, making them technically false (consult your local rules of professional responsibility).
Dropbox wasn't hacked. That's the false statement. According to Dropbox, the usernames and passwords posted on Pastebin were login credentials stolen from other services. The thieves then used those same credentials to attempt to log in to Dropbox accounts.
The second statement, which is misleading, is that the hacks aren't even new. Dropbox wouldn't say when the credentials were stolen, but in a statement said the passwords "have been expired for some time now." Dropbox, like every online service provider, has the ability to forcibly expire user passwords, making them useless for logging in. This is a common first line of defense when a provider knows it's been hacked and it prevents thieves from using the stolen passwords.
The vast majority of "hacking" that happens is not a result of the stuff you saw in "The Net" or "Swordfish." (Even if it were, none of that stuff is accurate, anyway. People, please! An IPv4 address can't start with a number greater than "254"!)
Most hacking is incredibly old-fashioned "social engineering." For example, hackers accessed Sarah Palin's Yahoo email account in 2008 by guessing the answers to her security questions, which allowed them to reset the account password. And Wired editor Mat Honan had his Gmail, Amazon, and Apple accounts hacked after attackers called up Apple, claiming to be him, requesting a password reset over the phone (which, by the way, was against Apple's security policy at the time). The bottom line is that most instances of "hacking" are largely preventable.
Dropbox, Gmail, et al. are safe -- as long as you take some steps to make them safe. (Remember: protecting your stuff from intruders is more holistic than just "passwords." It's about security.) Here are few tips to consider:
Finally, remember that 128- or 256-bit encryption is hard to break unless you have expensive equipment, which is why thieves target the weakest point of entry: Your dumb password and your obvious security questions. Security best practices go a long way toward keeping your stuff secure. I'm talking to you, "123456."
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.