Dropbox hacking: Wake-up call for netizens

Dropbox hacking: Wake-up call for netizens

Some Internet users in Singapore had a wake-up call after news broke yesterday that seven million Dropbox accounts had supposedly been compromised.

Marketing manager Ian Tan said he immediately activated the two-factor authentication (2FA) setting for his Facebook and OneDrive online storage account after learning that his Dropbox account, also for storing files online, had been accessed illegally.

The 2FA feature is an added security feature on many websites that allows users to receive a one-time password (OTP) for accessing their online accounts.

Accounts are then more secure as hackers would need to have victims' mobile devices for receiving the OTP via SMS, or security tokens for generating the OTP.

"Thankfully, I don't use the Dropbox storage service to back up my important work documents or I would be panicking," said the 38-year-old.

News of the leak broke online yesterday after hackers posted on Pastebin.com, a file-sharing site, information from hundreds of accounts. They claimed to have details from seven million accounts.

Mr Tan knew he was among the affected users when he saw that his Dropbox account was last accessed in the United States yesterday. He was in Singapore.

It is not known how many users here were affected, but Dropbox is the default online storage option for Samsung phone users, just as iCloud is to Apple devices.

Last month, the nude photos of more than 100 stars, including Jennifer Lawrence and Kate Upton, were leaked from iCloud.

Locally based IT security specialist Assurity Trusted Solutions urged users to reset their Dropbox passwords and activate 2FA for their online accounts.

The Singapore Computer Emergency Response Team (SingCert) said users should be selective in using their Dropbox accounts to sign in to third-party services.

Mr Bryce Boland, chief technology officer for Asia Pacific at security specialist FireEye, said: "Given that Dropbox's servers allow third-party app access, the attackers could possibly obtain the passwords through an application programming interface."


This article was first published on Oct 15, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.

This website is best viewed using the latest versions of web browsers.