A 2012 data breach of cloud storage hosting service Dropbox has resulted in the leak of more than 68 million email addresses and passwords online.
At the time of the hack, the company reported that email addresses had been stolen but neglected to mention that passwords had been taken too. Last week, Dropbox informed customers that if they had set up a password prior to 2012, they would be forced to reset it on their next login.
It has been reported that the cause of the breach was a Dropbox employee re-using a password, something that should never be done.
Earlier this month, Dropbox informed customers that they should change their passwords, with head of trust and security Patrick Heim saying that the company didn’t “believe any accounts have been improperly accessed”.
He added: “Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all affected users."
When data breaches on this scale occur, it raises questions about the security of storing sensitive information in cloud services. Businesses, in particular, need to focus on keeping their data secure.
There are countless risks presented by storing information in the wrong places. The Dropbox hack has, if anything, reinforced the need for companies to ensure that their data and user details is secure.
Mimecast cybersecurity strategist Matthew Gardiner told SiliconANGLE: “The biggest threat with employees using file sharing programs like Dropbox is that once an account is compromised, it can be used as an attack vector for delivering malicious links to a network.”
He added: “Although it would look like the email came from someone that the employee knows, it could end up being malware or ransomware that has the potential to take down an organisation’s entire system.”
According to Peter Tran, general manager and senior director at RSA LLC, the security division of EMC Corp, more than half of all data created by companies will be hosted in the cloud. This represents a huge opportunity for hackers to access the wrong information.
However, protecting data can be achieved with the right cloud security processes in place, something that Arrow could assist in with our managed IT security services.