On Aug. 31, Dropbox announced a major security breach of usernames and encrypted passwords. As a result of the breach, about 70 million account credentials were stolen. It is believed that the breach happened because Dropbox users supposedly used simple passwords, or used the same password across all or most of their accounts.
After cracking the passwords, hackers can find similar usernames, and use their Dropbox passwords in order to log onto other platforms such as their email, Facebook, Twitter and Instagram accounts. Dropbox says that it is doing as much as it can in order to secure the user accounts by resetting passwords. If internet users rely on the same password for their Dropbox, social media and email accounts, hackers can easily get into any of these accounts. According to HackRead, a major technology and cyber security news platform, the user credentials and encrypted passwords are easy to hack if the hackers have the right tools, such as a HashKiller.
Contributors on the Dark Web, a part of the internet that requires special software in order to access, are also selling Twitter, MySpace and LinkedIn credentials. It is important to ask what these companies are doing in order to protect our information.
Dropbox, among other companies, claims that it is taking preventative measures. One would think that after a major breach like this, it would heavily encrypt the server that contains the credentials of its clients. One would also think that it would force users to reset their passwords routinely like Google does in order to protect people using their accounts across multiple devices. Because Dropbox is not the only cloud service that exists on the market, Dropbox users may opt to use other websites, especially if they have Google or iCloud accounts. Using Google Drive and iCloud is much easier when all emails and files are saved on the same server.
However, none of these companies are off the hook. Now more than ever, they should all be held highly responsible for protecting their clients’ personal information. The problem seems to lie in the online security measures that Dropbox and other websites require when there is a false login. Prevention requires that a solution exists before a potential problem may arise.
Dropbox now uses two forms of authentication, which include a password and a site-generated PIN that has to be sent as a text message from the user’s primary phone. Google also has a similar authentication system that allows a linked phone to vouch for any device used to open an account. Therefore, if the linked device is not present, no one can get into the account, which provides the ultimate safety measure. Perhaps the rest of the responsibility from here on out falls on the consumers. As long as they do not use the same password for every account, it remains unlikely that they will get hacked.
But there are other matters that Dropbox has to keep in mind. Most people, for example, use security questions to strengthen their accounts. It is the responsibility of both consumers and these service companies to safeguard their accounts.