Dropbox, the popular cloud-based file storage site, confirmed this week that usernames and passwords were stolen from third-party websites and then used to access Dropbox accounts. Dropbox users began receiving inordinate amounts of spam, which spurred the initial investigation. Dropbox is now taking additional security measures to ensure this doesn’t happen again.
According to the Dropbox blog: “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.” Company engineer Aditya Agarwal went on to write that “a stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.”
Yet even if you don’t have a Dropbox account, or you do and weren’t notified by Dropbox that your account was compromised, you should still consider changing your password. This is especially true if it’s a simple password used for multiple accounts.
● Use a combination of letters (both upper and lowercase), numbers, special characters and even punctuation.
● Never use the same password for multiple accounts.
● Change your password every few months if you want to be truly diligent, or at least once a year.
● Create strong passwords for high-priority accounts such as your personal email account, accounts at financial institutions, and even your Facebook account.
● Be wary of phishing emails from people you don’t know (and even people you may know), especially if they come from a Yahoo, Hotmail, or MSN account. Never click on a link from an unfamiliar source, even on Facebook.
● Use lines from your favorite song, book or movie to create a strong and memorable password. A good example of this is “2bon2bT1tq” from the Shakespeare quote “To be or not to be: That is the question.”
Software is available for those who need an easier way to manage all their passwords in one place, but keep in mind: if it’s written down or recorded anywhere, it’s still vulnerable.
Companies work hard to ensure your account info is safe online, but these breaches still happen. Remember LinkedIn’s June password leak? Take the extra steps now to prevent this from happening to you.