Dropbox has revealed that spam reported by its users was the result of a security breach.
After investigating the matter, the site has found that usernames and passwords which had been recently stolen from other websites had been used to sign in to a number of Dropbox accounts.
One stolen password was used to access an employee Dropbox account containing a project document with user email addresses on it. The site suspects that this is what led to spam being sent to various users.
Fear not Dropboxers, the site has insisted that ‘keeping Dropbox secure is at the heart of what we do’ and has now put in place a number of new security features.
Dropbox will now have two-factor authentication, meaning you can set up your account to require two proofs of identity – your password and a temporary code sent to your phone.
There will also be new automated mechanisms to help identify suspicious activity as well as a whole new page that lets users examine all active logins to their account.
“We strongly recommend you improve your online safety by setting a unique password for each website you use. Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk,” said Dropbox in an official statement.
If only Dropbox had told its employees that…
Want to receive up-to-the-minute tech news straight to your inbox? Then click here to sign up for the completely free PCR Daily Digest and Newsflash email services. You can also follow PCR on Twitter and Facebook.