The security community has been sharply critical of Dropbox for not sharing pertinent details of a massive security breach initially reported in 2012. The system-wide hack of the cloud-storage firm could potentially impact up to 68 million subscribers; security experts have warned consumers and business owners to update passwords and keep a close watch on payment and online activity.

"Our security teams are always watching out for new threats to our users," wrote Dropbox representatives in a statement to the press. "As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time."

It is unclear whether Dropbox failed to fully assess damages related to the breach or deliberately withheld information. 13, 2014, blog post on the company's website stated, "Recent news articles claiming that Dropbox was hacked aren't true. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox. We have measures in place to detect suspicious login activity, and we automatically reset passwords when it happens."

Remedial actions, protections

Despite its nonchalance in reacting to the cyberattack, Dropbox has consistently promoted its two-step authentication process and has repeatedly warned against reusing passwords "across services." Payments and security analysts have called these efforts too little, too late.

"The Dropbox hack is gathering a great deal of attention now that Dropbox has formally recognized the breach," said John Wethington, Vice President Americas at Ground Labs Pte. "Sadly, this data is over four years old but still dangerous due to its scale and the fact that 50 percent of the passwords were encrypted with a relatively weak hashing algorithm."

Wethington called the issue a reminder that no one is immune from security breaches. "Even a four-year-old breach can come back to haunt you as a vendor or customer," he said. Cloud storage users must protect their sensitive data by regularly changing passwords and not using the same passwords on multiple websites, he added. "It's time that vendors began taking data security seriously as a business as usual practice and not an afterthought."

Change passwords, add salt

A number of independent security analysts have confirmed the Dropbox breach, comparing it to recent episodes at LinkedIn, MySpace, Tumblr and VK.com. Joseph Cox, Contributing Writer at Motherboard, reported as many as 32 million passwords at Dropbox use hashing method 'bcrypt' to make passwords indecipherable to unauthorized users. "These hashes seem to have also used a salt, that is, a random string added to the password hashing process to strengthen them," he wrote.