Dropbox denies hack after anonymous post claims it has personal details of up to 6.9M users



Cloud storage site Dropbox has denied claims it has been hacked after an anonymous account posted what it claims are the usernames and passwords of hundreds of the site's users.

An anonymous post to website Pastebin - which people use to save text they would like to paste elsewhere later - contained a list of hundreds of email log-ins and passwords the hacker said were linked to Dropbox accounts.

In it, they claimed that more than 6.9 million Dropbox account details have been obtained and would be posted.

An unfortunate slogan: Cloud storage site Dropbox has denied claims it has been hacked after an anonymous account posted what it claims are the usernames and passwords of hundreds of the site's users


The hacker has asked for donations in digital currency Bitcoin in exchange for revealing the alleged flaws in Dropbox's security - and revealing more account details.

'As more BTC (Bitcoin) is donated, more Pastebin pastes will appear,' the hacker wrote.

However, Dropbox has denied that its service has been compromised.

Anton Mityagin, of Dropbox, said the hostile move is an attempt to gain money from stolen data found elsewhere online.

'Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe,' he said.

'The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. 

Anonymous attack: An anonymous post to website Pastebin, which is traditionally used to save text users would like to paste elsewhere later, contained a list of hundreds of email log-ins and passwords the hacker claimed were linked to Dropbox accounts. A stock image illustrating an anonymous cyber criminal is pictured


THE THREAT COMES WEEKS AFTER CELEBRITY PHOTO HACK

Images of more than 80 stars including Oscar winner Jennifer Lawrence, Rihanna and Kim Kardashian were stolen and posted online a month ago by mystery hackers.

Ms Lawrence, 24, has said it is a crime and sexual violation.

Photos of Lawrence, model Kate Upton, actress Kirsten Dunst and other women had apparently been hacked from individual iCloud accounts and were uploaded to the image-sharing forum 4chan.

The FBI has been investigating the matter, while Apple admitted that certain celebrity accounts had been compromised.

But the company said none of the cases it had investigated were due to any breach in Apple's systems including iCloud or Find My iPhone.

The European Union's new digital head accused celebrities whose naked photos have been leaked online of being 'dumb' for having taken them in the first place.

Gunther Oettinger, who will become the European Commissioner for digital economy and society next month, said: 'If someone is dumb enough as a celebrity to take a nude photo of themselves and put it online, they surely can't expect us to protect them.'

He later added: 'Everybody has a right to privacy. The EU Commission wants to make cloud computing safer,' but did not apologise for his earlier comments.

Google is being threatened with a £60 million lawsuit from female celebrities for allegedly profiting from the biggest nude photo-hacking scandal in history.

The search giant has been accused of failing to remove the private images and 'making millions from the victimisation of women', according to a legal letter obtained by The New York Post.

'We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.'

Mr Mityagin went on to encourage users to increase the security on their Dropbox account, citing this attack as a good reason to turn on two-step verification.

This adds a second layer of security to an account and is used by many other online services. In this instance it requires an additional code entry that is sent to a user's phone when they try to log in, as well as the password.

'The idea behind two-step verification is to combine "something you know", like your password, with "something you have", like your phone to add an extra layer of security,' said Dropbox's Cory Louie.

This attack marks the latest incident in a growing line of hacks on major websites and services as hackers look to mine personal data. The celebrity nude photo hack, as well as breaches at eBay and photo-messaging app Snapchat, have attracted considerable attention this year.

Some industry experts have been less dismissive of the attack than Dropbox.

Tony Pepper, CEO of online security platform Egress, has warned that consumers and businesses are putting themselves at risk through what he calls 'bad habits'.

'Another day, another example of why people should not trust insecure online collaboration platforms, such as Dropbox. It is not just personal information that is at risk but commercially sensitive data as well,' he said.

'As IT becomes increasingly consumerised, people are not only bringing their own devices to work, they are bringing their bad habits too. How often have you been communicating with a colleague or partner and needed to share a large file, and the easiest option has been to simply send it via Dropbox? It is becoming common practice.

'Incidents such as these highlight the risk to data security that this creates and should act as a wake-up call for organisations to start looking at the processes within their business.' 

Financially motivated: The hacker asked for donations in Bitcoin (pictured) in exchange for revealing the alleged flaws in Dropbox's security, as well as revealing more account details


Mark Sparshott from security firm Proofpoint explained that it is the casual nature of some users when it comes to passwords that places them at risk of attacks like this.

'Cybercriminals were able to simply log in to Dropbox accounts using the usernames and passwords they hacked or purchased elsewhere on the internet. Cybercriminals know that many consumers are not aware of security best practice, or choose to ignore it, by using the same ID/email address and password to log in to multiple online services,' he said.

'This password reuse is exacerbated by the increasing volume and success rates cybercriminals are enjoying with advanced phishing campaigns such as longlining, many of which are "Credential Attacks" where the phish email sends the recipient to a fake website resembling the login page of a legitimate online service, often Amazon, Dropbox and Google Docs.'

However, Dropbox maintains that on this occasion the attack has not affected its service.

'A subsequent list of usernames and passwords has been posted online. We've checked and these are not associated with Dropbox accounts,' the cloud firm said.


