Saturday, October 18, 2014

Dropbox Non-Hack Causes Panic Online

The phrase "let cooler heads prevail" is one that people should repeat once a day while looking in the mirror, at least when it comes to online security. The Internet was positively abuzz yesterday (Oct. 14) with apocalyptic articles about a millions-strong Dropbox hack. The only trouble is that the hack never happened, and if you use Dropbox, you're almost certainly safe.
Here's what happened: A money-hungry malefactor hopped onto Pastebin and posted 400 "hacked" Dropbox usernames and passwords, promising that he could provide almost 7 million more if people fattened his Bitcoin coffers. Reputable sites from Engadget to Ars Technica picked up the story almost immediately.
After some time, it became clear that the Pastebin claims were unsubstantiated, and those websites updated their pieces accordingly, but the Internet at large took the original story and ran with it.
Dropbox was quick to respond to the issue, dispelling rumors that it had been hacked.
"The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox," wrote security expert Anton Mityagin on the Dropbox blog.
Rob Graham, head of Errata Security, explained this phenomenon on Twitter.
"Hackers take passwords from one dump, then publish them claiming to have hacked a different site like Dropbox," Graham wrote.
It's not clear where the Pastebin poster got his information, but the fact that some of the credentials do open Dropbox accounts does not mean that Dropbox is compromised.
Keep in mind that many people use the same username and password for many, or even all, of their online services. Plug enough of those sets of credentials into Dropbox, and a few of them are bound to work. If you've read other security articles from Tom's Guide, you know how to fix this: Use different passwords for your high-value accounts.
Dropbox also recommended that people make use of its two-step verification, which will effectively prevent hackers from gaining access to your account. The moral of the story is, as always, be proactive with your online security and take big-talking hackers with a grain of salt.
