Dropbox has been forced to hold up its hands over another security breach, after both user and staff accounts were hacked.
The cloud synchronisation service was subject to a security bug last June which saw unauthorised users log into subscriber's accounts without having to provide the correct password. A year on, a fresh glitch has allowed usernames and passwords stolen from other websites to be used for signing into Dropbox accounts, putting customer details at risk.
The company was made aware of the breach two weeks ago, when users began reporting spam they were receiving at email address used only for Dropbox. Citing the staff member who was also targeted, Dropbox explained, “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.”
These controls include a two-factor authentication feature, allowing the user to set two proofs of identity for logging into an account, such as a temporary code sent to your phone in addition to a password. This feature is due “in a few weeks”, while Dropbox also intends to implement new automated mechanisms to help identify suspicious activity and a “page that lets you examine all active logins to your account”.
Before last year’s security breakdown, Dropbox had already been accused of misleading its customers about the security of their data.
Despite these concerns, the company has enjoyed steady growth and remains bullish about its future.