Hackers claim to have accessed the Dropbox passwords of seven million accounts. Several hundred of the account details have been shared on the site Pastebin by the perpetrators. Dropbox disputes the claims outright. According to the company, its systems have not been compromised and the data shared by the hackers so far was from a different, unconnected service.
It's a messy situation. First off, it's not at all unprecedented for the claims of hackers to turn out to be spurious. These hackers are looking to accept bitcoin payments in exchange for releasing more data. Several hundred account usernames and passwords were released, but who's to say they really have a further 6.9 million?
Add to that mix the fact that, although Dropbox claims the data released originates from a different service, many people use the same username and password across different sites. The hacked accounts might not originate from Dropbox, but some of them will allow access to that service and other sites.
A blog post by Dropbox said:
"We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."
We've gone over it before: the days of usernames and passwords should be numbered. On their own they're a vulnerable and inadequate solution to security. One way around this is to introduce two-factor authentication, as the Dropbox blog post mentions. Most major websites offer the service now. It's a good solution, but it's not the most elegant. It adds in an extra step: an additional layer of inconvenience. What we believe in here at Ensygnia is device-based authentication.
Our login and registration system says goodbye to usernames and passwords. Log in to your favourite sites with one scan from your mobile phone. Our solution removes the need for usernames and passwords and there is no database to steal, so no more password hack headlines.
By Matthew Taylor 14th October 2014