Dropbox hack 2012

[Smile]

Who remembers this? It turns out hackers got some passwords too..

 

Quote

Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.

 

Quote

Earlier this week, Dropbox announced it was forcing password resets for a number of users after discovering a set of account details linked to a 2012 breach.

 

Quote

“We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox. "We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

 

Source: http://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts

[zMeul]

2 factor auth

[rattacko123]

59 minutes ago, zMeul said:

2 factor auth

Not phone 2 factor auth, email is best imo (e.g. steam code when using new browser)

[zMeul]

2 minutes ago, rattacko123 said:

Not phone 2 factor auth, email is best imo

i've been using the google auth app for couple of years, I prefer it to mail or SMS auth - I have a dedicated phone just for 2 factor

 

problem with your logic is that you need to protect your mail too, and how are you gonna do that if not with a phone (SMS or 2 factor app) ??

[Tataffe]

Using two-factor-authentication as well, with my phone via SMS.

 

I do not like the way Dropbox handles this. I received an email telling me that all passwords from 2012 an earlier were going to be reset. No mention of the hack as a reason. Plus if I used a very secure password* before, the chances that someone retrieves my new password using a man-in-the-middle-attack are higher than the chances that my old password will be breached.

 

*) My Dropbox password was generated by KeePass using an algorithm that puts out stuff like n@fY^`Ö{{w'ZE&<oQNOSÖ](r|däwzBKd, which I would call pretty secure.

Edited September 1, 2016 by Tataffe

[kiska3]

Yay! For dropbox not having the ability to use a YubiKey. I paid $40 USD for it

[rattacko123]

46 minutes ago, zMeul said:

i've been using the google auth app for couple of years, I prefer it to mail or SMS auth - I have a dedicated phone just for 2 factor

 

problem with your logic is that you need to protect your mail too, and how are you gonna do that if not with a phone (SMS or 2 factor app) ??

But what if phon get hack?
Well, you could use a really strong password for your email, or use another email as a backup email for 2-factor auth

[zMeul]

1 minute ago, rattacko123 said:

But what if phon get hack?
Well, you could use a really strong password for your email, or use another email as a backup email for 2-factor auth

my phone doesn't get hacked because I only use it 2 factor, I don't even go on line with it

 

and again that logic ... you need a 2nd email for backup and 3rd email for backup of the 2nd ... and so on 

[kiska3]

Or you could forget about both a backup email and a phone by having a YubiKey that you carry with you in your lanyard or in your wallet.

[Mr_Flynn]

1 hour ago, kiska3 said:

Yay! For dropbox not having the ability to use a YubiKey. I paid $40 USD for it

You can definitely use your YubiKey. They implemented the FIDO U2F standard last year (almost one year exactly) for two factor authentication.

[ThreePinkApples]

I like how they silently sent out mails last week where the just said that everyone that had passwords from before the mid of 2012 would need to change them. 

I just thought it was some kind of new policy that they wouldn't allow passwords older than 4 years, but hey, this is the actual reason : D

[desertcomputer]

2012? did i went back in time?

[kiska3]

3 hours ago, Mr_Flynn said:

You can definitely use your YubiKey. They implemented the FIDO U2F standard last year (almost one year exactly) for two factor authentication.

they did except it doesn't work for non-chrome browsers.  kinda a flaw in the feature right? vivaldi isn't supported

[suicidalfranco]

47 minutes ago, kiska3 said:

they did except it doesn't work for non-chrome browsers.  kinda a flaw in the feature right? vivaldi isn't supported

vivaldi/opera is a chrome browser...

[cazetofamo]

7 hours ago, zMeul said:

2 factor auth

Most people who use Dropbox don't even know what two factor authentication is, or why they should care about it. People who actually know anything will use mega.nz, it attracts less attention, yiu get way more free storage, and it supports 2 factor

[Tataffe]

25 minutes ago, cazetofamo said:

Most people who use Dropbox don't even know what two factor authentication is, or why they should care about it. People who actually know anything will use mega.nz, it attracts less attention, yiu get way more free storage, and it supports 2 factor

There's nothing wrong with Dropbox, though. I'm using it because I share several folders with other people, from my university or family, and I don't bother using more than one cloud service when I still have plenty of free space in my Dropbox.

 

Anybode here know how to deactivate OneDrive in Windows 10?

[cazetofamo]

3 minutes ago, Tataffe said:

There's nothing wrong with Dropbox, though. I'm using it because I share several folders with other people, from my university or family, and I don't bother using more than one cloud service when I still have plenty of free space in my Dropbox.

 

Anybode here know how to deactivate OneDrive in Windows 10?

Ahhhh, that's understandable. The people that I primarily share things with, I just email them links and they add it to their own mega accounts. I also have a dropbox on the side, as well as a google drive, but those don't house anything of real importance. But to each their own.

[Mr_Flynn]

7 hours ago, kiska3 said:

they did except it doesn't work for non-chrome browsers.  kinda a flaw in the feature right? vivaldi isn't supported

Not sure about Vivaldi (they might be using and older version of Chromium), but it works in Chrome and Firefox (with an extension).