With businesses and individuals turning to the cloud to store and back up their important business information, the security of cloud services is often under close scrutiny by the security industry.
Today, Dropbox has confirmed a breach potentially affecting millions of its users. It’s notified its customers through a series of forced password resets. This announcement did not confirm the number of affected users.
Security breach notification service Leakbase has confirmed that 68 million accounts were affected, with 32 million of those using the strong encryption function, BCrypt. The remainder of accounts were hashed with SHA-1 hashing.
How do I know whether I’ve been affected?
Dropbox has been pro-actively resetting user passwords of those who’re affected. Online checker haveibeenpwned.com will allow you to check whether your email address matches one of those discovered in the data leak.
What should I do next?
If you’re affected, you should reset your password immediately.
Keeping your account secure in 3 easy steps
1. Enable two factor authentication on your Dropbox account.
This creates another layer of security by requiring a second password when you log in from a different device. You can enable two factor authentication in your Dropbox account. You will need to download Google Authenticator (Free, iPhone and Android App stores).
2. Review your connected devices.
Check for any unusual devices connected to your account. If you see any unrecognised devices, terminate their sessions immediately.
Changing your password will not stop any existing devices already connected to your account.
3. Do not re-use your passwords across different services.
As simple as it sounds, keep the password unique, always include an uppercase letter, numbers and symbol. If necessary, follow the above steps on services which used the same password.
Corsaire has 20 years’ experience in security assurance and information security. If you have any questions or concerns regarding your data security, contact an account manager today.