Recently, a group of hackers claimed to have stolen a database of seven million Dropbox log-in details, which they say they’ll slowly release over the coming months. But Dropbox claims its service wasn’t hacked. So where did this supposed database come from?
To make a long story short, third-party services are to blame. Dropbox is a reputable cloud solution with a security team in place to ensure your data stays safe. Third-party services that use your Dropbox log-in details to provide functionality that might not be available natively within Dropbox are usually far smaller businesses, and therefore much easier targets.
Put all this together and you’ve got a third-party service that is far more vulnerable to attack than the parent (Dropbox), but uses the exact same log-in details to deliver a service. Furthermore, because users commonly re-use the same usernames and passwords across multiple websites and services, seven million log-in details for Dropbox might be far more useful and valuable elsewhere to wrongdoers across the globe.
While Dropbox has processes in place that detect suspicious log-in activity, the bulk of the responsibility for security lies where it always has: with the user.
We have notoriously bad password habits and rarely think about how careless we may be online, and the end result is that we are essentially the weakest link in the security chain. And as much as these services have a responsibility to protect us, we have a responsibility to protect ourselves.