Dropbox hacked

[erect]

I never trust it when they say...

... (dropbox) has already contacted the users it knows were compromised.

... so I figured I'd bring it up here.

Change Your Dropbox Password Right Now ... - Business Insider

 

[m0rtal]

And this is why I don't trust online storage like this...it's convenient yes...but that's about it. Yes I use it, but I try not to put anything sensitive on there.

 

[liams]

It doesn't look like Dropbox was hacked, really, just a victim of bad password practices. This looks alot like the Twitter "hack" several years ago when somebody guessed their Google Apps password.

 

[mituozo]

Dropbox wasn't hacked... Other sites were hacked, exposing people's passwords, which they also used for their dropbox accounts.

It's like getting your gmail account hacked, and people using that PW to login to all the other stuff you use your PW for.

 

[(O_o)]

almost every major site that has a valuable database has already been hacked. its just not published or known by the company.

tons of db's floating around the underworld. I remember years ago you could get 50% of the MySpace db for a 5-6 figures. full info.

its really scary and pathetic really. thats why I signup to all of these services anonymously.

 

[guerilla]

I use lastpass and create a unique pw for each site.

 

[zimok]

Truecrypt works perfectly in conjunction with dropbox, it only uploads the bits that were changed. (not the entire container each time)

 

[MediaBuysEyez]

I use lastpass and create a unique pw for each site.

^^^ This. There is no excuse anymore to use a password you can remember for logins.

 

[Goodcat]

^^ I do the same, only with Roboform. Really not looking forward to the day when the news break that Roboform's been hacked. Then i'll really be fucked

 

[Jizzlobber]

LOL.

 

[Fatbat]

I use lastpass and create a unique pw for each site.

KeePass for me, but the same deal. Unique 128 bit passwords for each and every account I have online, and I don't store a copy of it in the cloud. I have an encrypted copy on a memory stick, that I update regularly, which I keep in a safe place. I learned my lesson with a close call a couple years ago, and while my system might not be perfect, it gives me peace of mind.

That being said, I just changed my Dropbox password. Thanks for the heads up.

 

[Sonny Forelli]

Truecrypt works perfectly in conjunction with dropbox, it only uploads the bits that were changed. (not the entire container each time)

T.H.I.S.

 

[ly2 from WF]

ALL YOUR ARTICLES AND LOGIN PASSWORDS ARE BELONG TO ME

 

[nickycakes]

I use lastpass and create a unique pw for each site.

I use keepass, never heard of lastpass. Better?

 

[guerilla]

I use keepass, never heard of lastpass. Better?

Built into my browser. I think Turbo uses it too.

https://lastpass.com/

It's cloud pw stuff. I started using it after they last got hacked. They do pws for enterprise clients, so I feel pretty decent using what they use, cause if someone hacks them, they will be using CorpA and CorpB's pws long before they compromise my twitter.

 

[MediaBuysEyez]

I use keepass, never heard of lastpass. Better?

IMO - yes

 

[Clarkey]

May have to look into this lastpass, any of you nervous that could get hacked?. I just have all my passwords saved into an excel doc I keep on my memory stick!

 

[MediaBuysEyez]

May have to look into this lastpass, any of you nervous that could get hacked?. I just have all my passwords saved into an excel doc I keep on my memory stick!

Some food for thought: How to Build a (Nearly) Hack-Proof Password System with LastPass and a Thumb Drive

 

[netbert]

Dropbox wasn't hacked... Other sites were hacked, exposing people's passwords, which they also used for their dropbox accounts.

It's like getting your gmail account hacked, and people using that PW to login to all the other stuff you use your PW for.

Not exactly.

Another site was hacked and exposed a password that a Dropbox employee used on his Dropbox account. That Dropbox account contained files with sensitive data in them (a spreadsheet of Dropbox user email addresses, IIRC).

This would be considered a hack of Dropbox itself in the same way a social engineering attack would be. Dropbox did not have adequate security practices.

 

[SeoReborn]

Changed password immediately, thanks man.