After data theft with spam consequences: Dropbox promises more security


The reason is a security gap: Recently, a stolen password was used to steal a company document from a Dropbox employee, which also contained a list of user email addresses, as reported, among other things, "All Things Digital". In the weeks following the data theft, a number of Dropbox users registered an increased spam volume. Many noticed that only the mailboxes associated with their Dropbox account were overflowing, and complained in the provider's support forums.

He admitted yesterday for the first time publicly the security problem. "Keeping Dropbox safe is at the heart of our business, so we're taking steps to improve the security of your Dropbox even if your password is stolen, " wrote Aditya Agarwal of Dropbox in the company blog. "We apologize and have introduced additional controls to prevent this from happening again."

Optionally, Dropbox will also offer two-factor authentication (ie password plus another method) in the future. There is also a new page where users can monitor active account logins plus "new automated mechanisms to identify suspicious activity". The new security features will be rolled out in the next few weeks.

Dropbox has had a major security problem in the past. About a year ago, the mistake of a programmer meant that you could log in to any account with arbitrary passwords for about four hours.