Over the past few years, there have been many concerns regarding cloud computing, a lot of which are in direct response to security issues. Now, Dropbox has responded to the revelation that it was hacked, with many users’ personal details stolen. The firm said that by resetting passwords, it has actually prevented user data from being hacked.
The first signs that something was wrong was when a number of Dropbox users received an email stating that if they hadn’t changed their password since 2012, they would be prompted to add a new login during their next sign in. Dropbox Head of Trust and Security Patrick Heim wrote a blog post saying that the email was “purely as a preventative measure.” Despite this, there have been numerous reports citing an anonymous source that over 68 million credentials have been stolen.
One security expert, Troy Hunt, managed to obtain a copy of the information and discovered not only his details but also his wife’s. Not only did she utilise a password manager, but she also hadn’t changed her login since 2012. Hunt said: “There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords – you simply can’t fabricate this sort of thing.”
In further response to the ongoing reports, Heim stated that the breach is not a new security incident, and there is no obvious indication that any accounts have been hacked. “Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012,” he said, adding: “We can confirm that the scope of the password reset we completed last week did protect all impacted users. Even if these passwords are cracked, the password reset means they can’t be used to access Dropbox accounts. The reset only affects users who signed up for Dropbox prior to mid-2012 and hadn’t changed their password since.”
The hacking of Dropbox could have some positive impacts upon cloud computing and safety, however. For example, Kaspersky Lab Principal Security Researcher David Emm suggested that following the EU General Data Protection Regulation (GDPR), companies may place more emphasis on containing links instead of trying to stop them altogether. For example, Dropbox not only salted and hashed passwords but also provided immediate advice to consumers. This can limit the fallout of a breach, and ensures that users stay in the loop and can take action to protect their data.
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, Enterprise Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.