Dropbox Experiences Increased Spam after Employee Account Breach
The cloud storage service Dropbox said Tuesday that the increase in spam e-mail sent to users last month was directly related to an employee account compromise.
"A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses," said Dropbox's Aditya Agarwal in a blog post. "We believe this improper access is what led to the spam. We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again."
The spam, written in English, German and Dutch, featured advertisements for an online gambling site aimed at European users.
In response to this recent breach, the company announced that it has begun adding new security features to its service.
The first, coming in the next few weeks, is a two-factor authentication process that will require two proofs of identity when logging in. This can be something like a user's password and a code sent to the user's cell phone, according to the company.
The company will also add a feature that notifies users when "unusual" activity occurs on an account, along with a new Web page where users can view all logged activity on an account. Dropbox will also require users to regularly change their passwords.
Agarwal said that along with these security additions, users must remember to always adhere to safe online practices.
"At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use," said Agarwal. "Though it's easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk."
Last week's breach marks the second time in a little more than a year that Dropbox has been hit by a security breach. Last year an estimated 100 customer accounts were exposed for a few hours, allowing anyone to access them without a valid password.