Dropbox, the online file storage site, confirmed Tuesday that a small number of accounts on its service were hacked, and that it has introduced security features to improve account safety and make recovery easier in the event of another compromise.
In a company blog post, Aditya Agarwal, VP of Engineering, stated: "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts."
Analyzing the reason behind the incident, Agarwal noted: "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to make sure it doesn't happen again."
Turning to the security measures adopted to keep Dropbox accounts safe even if a password is stolen, the blog advocated two-factor authentication; a new automated mechanism to identify suspicious activity; a new page to examine active logins; and, in some instances, a change of password.
Apart from introducing new security features, the company has recommended that users use different passwords on different sites, because after a security breach at one site, a reused password puts the user's other accounts in jeopardy.
TechCrunch noted in its report that the recent threat resembled the targeted LinkedIn attack in June.
The incident was first reported two weeks ago, when a few users complained of receiving spam emails about online casinos and gambling sites.
Earlier in July, Dropbox users took to the company's website forum to rant about the spam emails they were receiving. The majority of the users who vented their anger seemed to come from Europe, especially Germany, Holland and the UK.