September 15, 2016
Dropbox recently disclosed that 68 million of its user’s login credentials were published after it was initially hacked back in 2012. Does changing a password now really make a difference?
The file servicing company is back in the spotlight after the login details of 68 million of its users were published after it was hacked back in 2012. Dropbox has taken the usual, sensible approach by reminding people to change their passwords regularly in any case and, in particular, when the security of any online provider they use has been compromised.
It has also initiated a push reset that changes all the passwords of those potentially affected to ensure no one was missed, reassuring impacted users that even if their previous passwords were compromised, their accounts cannot be accessed.
While companies suffering an unfortunate hack often recommend resetting passwords, few take the step of actively encouraging users to use 2-step authentication. In its blog, Dropbox recommended this approach - but its email notifications only mention passwords; the same is true of their help page on ‘Email and Passwords’.
I am sure, however, that we are not too far away from a company enforcing enhanced security, such as 2-step authentication, on its users. AVG recently conducted a poll in the US and UK to find out who people think is responsible for their online data. Against this backdrop, the findings are interesting.
Those who are most responsible for keeping online data safe are any businesses that store personal data (74%), banks (66%) and online security companies (57%). Only banks and security companies were seen as taking this responsibility seriously enough by 74% and 63% of people respectively.
So it seems that people expect a company like Dropbox to take responsibility for keeping their users’ data safe but they don’t necessarily think such businesses take this seriously enough. In addition, 86% of people polled said that personal identification data was the type of information they were most concerned about sharing, and having collected by businesses.
It’s great to see that people are aware – and concerned – about how other entities handle their private data and what degree of responsibility they take for holding that data. The news about Dropbox merely confirms that we can’t simply trust companies to keep our data safe.
So if you are affected by this breach, or have been affected by any other, then I recommend taking two steps to try to remedy the situation.
Firstly, secure any online accounts, such as banking or social media, by ensuring they aren’t using the same email and password combination. If you are re-using login details across multiple accounts, change them and use two-step authentication if possible, such as a password and a back-up phone number or other account.
Secondly, be alert to suspicious activity on your accounts such as receiving any potentially fake emails. If your data is at risk for having been compromised, you should validate these as genuine by contacting the company that sent them directly or visiting their website before taking any of the action suggested by the email.
Finally, as you would expect, I always recommend having a good internet security product on your PC or mobile devices. Whether you use a laptop or a tablet to access your online accounts, you should always ensure you are as protected as possible against any hacks, phishing tricks or spam emails because as we have seen, we can’t rely on other people to keep us safe online.
September 15, 2016 by Tony Anscombe