In July 2012, cloud service Dropbox released a blog post responding to reports that some of its users were receiving spam at email addresses used exclusively for their Dropbox accounts. The company launched an investigation and found that the compromised accounts were ones that used the same passwords as on other websites. However, they confirmed that one of their employees, who used the same password for his LinkedIn account, was part of the breach. The Dropbox employee's account contained a document with usernames and passwords for a project Dropbox was working on, which led to the spam emails. The Dropbox team rolled out additional security measures, including prompting users to change passwords, two-factor authentication, and an automatic mechanism to scan for suspicious activity.
The security breach came to light again in 2016, when four files totaling 5 GB surfaced for sale on the Dark Web with a $1,209 price tag (2 bitcoins). The files contained over 68 million Dropbox user accounts and hashed passwords dating back to 2012. Fortunately, the Dropbox hack caused no known major problems outside of the spam emails.
Other Dropbox Security Issues
• In 2011, an erroneous update allowed users to access their Dropbox account without passwords. The bug was discovered within 5 minutes and resolved in 4 hours.
• In January 2014, a hacker group called 1775 Sec brought the Dropbox website down "in honor" of internet activist Aaron Swartz, who took his own life a year before.
• In January 2017, users found their deleted documents restored automatically in their accounts. Dropbox claims that a bug prevented files from being fully deleted and caused their restoration.