Posts tagged DropBox

Dropbox Denies 7M Password Leak, Says Stolen Logins Are From Other Sites

On Monday, a Reddit thread surfaced with links to Pastebin files containing a slew of Dropbox logins. And, said the hacker, there’s plenty more where that came from—roughly 7 million compromised accounts in total. 

The initial leaks came to hundreds of unencrypted Dropbox usernames and passwords, all available in plain text. The anonymous perpetrator claimed this was just a taste of the voluminous hack and promised to leak more in exchange for bitcoin “donations.” The top of one of the Pastebin files reads:  

6,937,081 DROPBOX ACCOUNTS HACKED

PHOTOS – VIDEOS – OTHER FILES

MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN

As more BTC is donated , More pastebin pastes will appear

At this time, the source of the data is unknown. 

Although 7 million accounts only comes to about 3% of the 220 million that Dropbox services, that’s no consolation for the folks whose logins have been compromised. 

Just after contending with a Selective Sync glitch that errantly deleted user files, Dropbox finds itself at the center of another data integrity issue. But this time, the company says, it’s not to blame. In a statement to The Next Web, the cloud storage provider flat-out denied that it was hacked. Instead, it pointed the finger at third-party services:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

The Reddit community set about checking if the logins were legitimate, and some members claimed that, while several were expired, some others still appeared to be valid as of late Monday night. 

How To Safeguard Yourself

Some Dropbox users may notice a prompt or message from the company, urging them to change their passwords or turn on two-factor authentication, a secondary measure that requires entering a six-digit security code in addition to login credentials. 

But whether you see the warning or not, you would still be wise to take action. It’s better to be safe than sorry. 

Log in to your Dropbox account and change your password. On the same page, you can switch on two-step verification; Dropbox’s own description explains this extra step.

Once you’ve secured your Dropbox account, take one more step and think about anywhere else you may have used the same username and password combo. You’ll want to change those too—and then vow never to use the same credentials in multiple places again. Once logins are out in the open, other parties can try them at various sites, from Facebook and Gmail to the major online banking sites. Automated bots would make very easy work of this. 

As for this breach, ReadWrite has contacted Dropbox for more information, and will update this post if the company responds. 

Update: Dropbox posted a message on its blog stating that the logins were “stolen from unrelated services.” Unlike Snapchat, whose data breach stemmed from other services using its APIs to connect with it, Dropbox chalks this one up to a much more mundane reason: people using the same password on different services. 

The company says the attackers just kept trying the logins at various sites, including its own: 

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.

View full post on ReadWrite

Hacker Leaks Hundreds Of Dropbox Logins, Claims 7 Million Up For Grabs

Monday night, a Reddit thread surfaced with links to Pastebin files containing a slew of Dropbox logins. And, said the hacker, there’s plenty more where that came from—to the tune of 7 million accounts in total. 

The initial leaks came to some 1,200 Dropbox usernames and passwords, all in plain text. The anonymous commenter claimed this was just a taste of the voluminous hack, and promised to leak more in exchange for bitcoin “donations.” 

6,937,081 DROPBOX ACCOUNTS HACKED

PHOTOS – VIDEOS – OTHER FILES

MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN

As more BTC is donated , More pastebin pastes will appear

The Reddit community set about checking if they were legitimate, and members claim that several appear to be valid. 

At this time, the source of the data is unknown. 

Dropbox, which already contended with another major problem this morning—a Selective Sync glitch that errantly deleted user files—said that it’s not to blame this time. In a statement to The Next Web, the cloud storage company flat-out denied that it was hacked. Instead, it pointed the finger at third-party companies that connect to Dropbox accounts:

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

At this point, some Dropbox users may notice a prompt or message from the company, urging them to change their passwords or turn on two-factor authentication. But whether you see the warning or not, the sheer volume of the alleged hack should be reason enough to take action. 

Start by changing your password. Then turn on two-factor verification—a secondary measure that requires entering a six-digit security code in addition to your login credentials.

The company publishes the steps for turning on two-step verification.

Once you’ve secured your Dropbox account, take one more step and think about anywhere else you may have used the same username and password combo. Then change those as well. Once the information is out in the open, other parties can try that login at various sites—from Facebook and Gmail to the major online banking sites—and bots would make very easy work of this. 

As for this breach, ReadWrite has contacted Dropbox for more information, and will update this post if the company responds. 

View full post on ReadWrite

iOS 8 Warning: Apple’s Dropbox Killer Could Murder Your App Data

After a summer of waiting, Apple is unleashing iOS 8, the latest version of its mobile operating system, on Wednesday. Among the new features that promise to improve the way we use our iPhones and iPads, there’s one item that could do the opposite: iCloud Drive.

The new online storage and sync option comes new as part of iOS 8, and it’s supposed to make documents and other data easy to access from both your Apple mobile device and OS X desktop software. The problem: For Mac users, it relies on the latest version of the computer operating system, Yosemite, which isn’t out yet. 

Here’s what you need to know.

iCloud Drive Could Make Some Functions Evaporate

Similar to Dropbox or Google Drive, iCloud Drive is supposed to let you and your apps access data, no matter what Apple device you use (though they need to be new enough to run iOS 8 and Yosemite).

If you’re upgrading to the new iPhone software immediately, the most imperative thing to do—apart from backing up your phone—is not enabling the iCloud Drive option. 

Apps—like Realmac Software’s Clear productivity app—can’t function with the feature turned on. Originally, the app featured a desktop component that communicated with the mobile app. iOS 8 and Yosemite hijack that functionality, unless the user shuts it off. The developer explains in a blog post:

As OS X Yosemite is still pre-release (and not yet available) upgrading to iCloud Drive will prevent you from syncing with Clear for Mac until both OS X Yosemite is released and you upgrade to OS X Yosemite. 

Developers cannot work around the choice made when upgrading to iOS 8, so please make sure you pay close attention to the iCloud Drive screen shown after you update to iOS 8.

Once you install iOS 8, you’ll be asked whether to turn on iCloud Drive. The simple fix: Pick “Not now.”

The iOS 8 update might affect more than just Clear, though.

Other Apps May Be Buggier After Updating To iOS 8 Too

Dropbox also discovered a “compatibility” bug for iOS 8 users. Last night, the company said:

We’ve discovered that Apple’s new iOS 8 introduces a compatibility issue that may prevent Dropbox and Carousel from properly uploading your photos and videos. This means that only the contents of your “Recently Added” album will upload automatically.

If you upgrade to iOS 8, don’t delete photos or videos from your devices until you’re sure that your stuff has backed up to Dropbox. Please visit our Help Center for additional details on how to keep your stuff safe.

In essence, it explains that sending photos to the main Dropbox and Carousel services can be buggy, although the report seems pretty vague about the exact problem. Whatever it is, Dropbox says it’s working with Apple to fix it, but to battle confusion for now, it’s suspending automatic backup of photos and videos. 

There will likely be other issues that crop up—that tends to happen whenever new software gets publicly launched—so to be safe, you may not want to grab iOS 8 right away. 

But if you’re brave and rush to download it anyway—available for the iPhone 4s and later, iPad 2 and later, iPad mini and later, or the fifth-generation iPod touch—let us know how you find the new software. Deposit your disappointments (or joys) in the comments below. 

View full post on ReadWrite

Dropbox Antes Up In The Cloud-Storage Price War

Cloud storage platform Dropbox announced today that it is offering a terabyte of storage for $9.99 a month, the same terabyte storage price set by competitors Google Drive and Microsoft’s OneDrive.

This is just the latest move in the great cloud computing war of 2014, as these three heavy hitters engage in a race to the bottom for the consumer’s storage gigabyte. In March, Google announced a terabyte for $10 a month and 10 terabytes or more for $100 a month.

Apple, meanwhile, plans to release its iCloud Drive later this year, which will offer 5GB for free, 20GB for a dollar a month or 200GB for $4 a month.

View full post on ReadWrite

Now You, Too, Can Obsess Over Your Dropbox File Permissions

Last month, Dropbox gave business users in its early access program the ability to rule their corporate accounts with an iron fist. Now the cloud storage company has opened the gate, allowing all business customers to obsess over their folder and file permissions too. 

The July announcement granted administrators highly requested features covering view-only permissions for shared folders, and passwords and expirations for shared links.

This move is undoubtedly Dropbox’s way of answering critics who were unconvinced about the tightness of its security. With these changes, managers and authorized workers can fine-tune sharing controls, so freelancers, contract workers and other contacts don’t have unbridled access to company documents. 

View full post on ReadWrite

Dropbox For Business Gives Control Freaks What They Want

Dropbox announced a slew of updates that offer more control over shared work files and new tools for app developers.

The changes allow for more fine-tuned access control over who can view or edit documents, and for how long, as well as improved search and new APIs, so app makers can interact with shared Dropbox For Business docs.

These are welcome changes for the 80,000 paying companies on Dropbox’s client list. And they may help quell critics who have been complaining about Dropbox’s lack of attention to security and administration.

Locking Down The Box

Last April, Dropbox rattled the business cloud-storage world when it expanded its popular personal service into the work world. It made sense on the surface. Individuals were using its online file storage in their personal lives. In the era of “bring your own device” to work, of course they’d want to use it in their jobs too.

Since then, the outstanding issue for Dropbox has been security. Critics pointed out that sensitive business information is not the same as cat photos or dinner recipes. Sharing has to be locked down and managed better at work. The system also needs to be simple and easy to use, as otherwise employees will ignore or bypass it.

The company finally answered that call today, announcing view-only permissions that let users determine who can view or edit files within the shared folders they created. They can also set passwords and expiration dates on shared links. These changes should please IT managers and bosses, while full-text search should make the whole workforce happy. Now workers can search keywords contained in documents, not just file names. 

Today, Dropbox also announces new tools for app makers: APIs for Shared Folders and Document Previews, so outside developers can build Dropbox for Business functionality into their apps, or enable document previewing through these apps. With this, the company could be tipping its hand about turning its work-oriented cloud service into an actual enterprise platform.

Timing Is Everything

The new changes follow others introduced this year, including Project Harmony, its new collaboration with Microsoft Office. But, since its debut last year, the elephant in the room has been security. 

Why Dropbox took so long to bolster that isn’t clear. The company says it has been working on these features for 16 months in total. That’s a pretty lengthy development cycle. 

The timing is interesting—particularly since it slides in just before the beginning of the last quarter of the financial year, and the company is reportedly hoping to go public sometime this year. So it’s no shock if the company seems gung ho about courting customers even harder now. 

So far, Dropbox has attracted 80,000 paying businesses, which seems like an okay start. But it’s a drop in the bucket compared to its consumer cloud-storage service, which is 300 million users strong. Its client list also accounts for a mere sliver of the millions of U.S. companies that do business today.

Whether these changes will be enough to attract more customers will be up to the companies to decide. But at least admins can preview some of these features by joining the early access program.

View full post on ReadWrite

Dropbox CEO: “We’re Not Cutting Prices”

A hundred gigabytes of storage, enough for years and years of photos, costs $9.99 a month on Dropbox. Google Drive, a largely similar service, costs $1.99, or 80 percent less.

Dropbox CEO Drew Houston defended his company’s pricing under tough questioning Wednesday evening by Recode journalists Liz Gannes and Walt Mossberg in an interview at the Code Conference in Los Angeles.

“We’re not cutting prices,” said Houston.

He noted that his company now has 300 million registered users and that he regularly hears from users who have tried competing services like Box or Microsoft’s OneDrive and come back to Dropbox.

Gannes pointed out that Carousel, a new photo-sharing app from Dropbox, was struggling in Apple’s App Store with a very low download rank. Houston responded that Dropbox was still improving the app and didn’t want to promote it until it was ready.

Instead of competing on price, Houston said, Dropbox was going to keep improving tools like Carousel and Project Harmony, a tool for collaborating on Office documents while using Dropbox for storage.

Houston wasn’t blasé about the big challengers coming after him—everyone from Google and Microsoft to Apple, which once tried to acquire Dropbox.

“We’ve been worried since the day the company was founded,” he said. “All these companies are doing a better and better job of what we’re doing.”

View full post on ReadWrite

How Documents Stored On Box And Dropbox Could End Up On Google

Those files you’re storing on cloud services like Dropbox or Box may not be as secure as you think.

Both services, like other cloud-storage providers, allow users to share links to their stored documents. But sending those links out, even to trusted individuals, can also inadvertently give third parties access to your files as well, according to findings publicized by the file-sharing company Intralinks—which, by the way, is a competitor to both Box and Dropbox.

Dropbox says it’s working to fix the problem by disabling any previously shared links that might be vulnerable to leakage. Box released an email statement saying that it has found no evidence that anyone has abused such “open links” and touting the various privacy settings it offers its users to “help manage access to their content.”

Intralinks chief security officer John Landy wrote that his company inadvertently stumbled upon the vulnerability in the course of running a Google Adwords campaign that mentioned its competitors. That campaign turned up shared-file URLs that led straight to sensitive files that ordinary users had stored on Box and Dropbox—including bank records, mortgage applications and tax returns. Security blogger Graham Cluley, who also blogs for Intralinks, provides some examples.

How That Leakage Happens

How, exactly, that happened involves some conjecture. Landy wrote that some Dropbox and Box users apparently created shared links to their files, which they or their recipients then mistakenly entered into a browser search box instead of the URL bar. Doing so and then clicking on an ad—which may seem a fairly unlikely occurrence, at least until you multiply it by the number of people sharing files across the Internet—would then send the file’s URL to the ad network.

One Intralinks executive quoted by Cluley estimated that in one of the company’s Adwords campaigns, five percent of all hits (presumably meaning ad clicks) yielded URLs to private files, half of which required no password to access. That “small” campaign turned up more than 300 documents.

There’s also a second way links to private files could leak out to the world. If a shared Dropbox or Box document itself contains links to other sites, clicking on one will pass along the document’s URL to the next website as part of what’s known as a referer header, where administrators of the second site could see it.

It’s not clear if similar vulnerabilities exist for other cloud-storage services such as Google Drive or Microsoft OneDrive.

No Password Required

The problem for Box and Dropbox is that they don’t make their shared links more secure, Landy wrote. Recipients of shared links should have to log into the service to authenticate themselves by default, he suggested.

Dropbox engineering vice president Aditya Agarwal said in a blog post that his company hasn’t detected any malicious attacks involving shared file URLs. Dropbox decided to disable any affected document links anyway. The vulnerability has been patched for any shared links going forward, so only previously shared items are affected.

Dropbox customers can recreate their shared links, and the company will restore old links as it confirms that particular documents aren’t vulnerable. Agarwal also noted that Dropbox for Business users can require password access to shared files; ordinary users of Dropbox’s free service don’t have that option.

The Dropbox post only addresses one of the two vulnerabilities outlined by Intralinks—the leak-via-referer-header method. In an update, Agarwal wrote that Dropbox is aware that file URLs could leak via search engines that pass them to ad partners, but said that issue is “well known” and that the company “doesn’t consider it a vulnerability.”

Like Dropbox for Business customers, users of Box can also require passwords for file access, although in neither case is that security feature turned on by default. “Box also displays a message to help users understand the permissions for their content,” a Box spokesperson said via email.

View full post on ReadWrite

Dropbox Buys Loom For Photo Sharing, HackPad For Collaboration

Dropbox is having a busy Thursday.

The file sharing giant has acquired Loom, a photo sharing app that offered mobile users up to five gigabytes of free storage. Loom announced the deal on its company blog.

Dropbox recently announced an update to its photo sharing capabilities with its Carousel feature, and the Loom team will likely join Carousel as the home for syncing and sharing the ever increasing amounts of photos people take on their devices.

Unfortunately, the acquisition means Loom will be shutting down its own service within a month. Loom is not allowing any new signups, and the company informed customers that the service will officially shut down on May 16. Current customers can choose to export their photos to Dropbox, where they’ll automatically receive the same amount of cloud storage they had with Loom, or they can opt for a .zip file that contains every image they’ve ever uploaded to Loom’s servers.

Also joining Dropbox—by way of acquisition—is a company called HackPad, a wiki-style collaboration and note-taking tool that could also boost Dropbox’s own recently launched internal collaboration tools.

Unlike the Loom acquisition, Hackpad will continue to remain open to existing and new customers, and the company said it will be working with Dropbox to “bring new offerings to the market.”

View full post on ReadWrite
