First of all, Dropbox was not hacked.
The usernames and passwords posted to Pastebin were stolen from an unidentified third party and those usernames and passwords were then used to connect to Dropbox accounts. Dropbox posted on their own blog that “they have measures in place to detect suspicious login activity.”
Because many users use the same password on both services, this was not a difficult “hack,” if you can even call it that.
Pastebin
Pastebin has become popular in the hacking world because it does not require registration, can handle large text files, and has little proactive moderation. The type of information that is popular on Pastebin includes compromised Facebook accounts, websites, corporate subnet addresses, and exports of usernames and passwords from compromised databases.
The big question is whether it is Pastebin’s responsibility to moderate this content, or whether the responsibility lies with the organizations and individuals with poor security systems in place.
Protect Yourself
1. Change your passwords often. This is easier said than done. JUST DO IT!
2. Have a complicated password (upper case, lower case, numbers and special characters). This would not have helped with this type of hack, but it is a good idea anyway. It amazes me, going through that list of hacked usernames and passwords, how simple most of the passwords are.
3. It is recommended to have a different password for each of the services that you use. The issue is that with more and more online services, this becomes a very difficult task, and it becomes hard to remember all your passwords. With most sites using your email address as the username, that is the first key to the door. That is also an easy one to get, which makes your password (the final key to the door) very sensitive. One way to have different passwords and still remember them is to have a pattern.
For example:
Start out with a base password that you will remember.
Add the initials of the site you are using. (Bank of America - BOA)
Add some number you can remember and a special character.
Example for a Dropbox password - BaseDP1993!
Same pattern for Yahoo - BaseYH1993!
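A self-check for the pattern scheme above, added here as an example and not part of the original post: it compares your own passwords pairwise and reports which sites share an identical password and which differ by only a few characters. The `forum` and `email` entries and the 0.6 threshold are constructed assumptions.

```python
from __future__ import annotations
from itertools import combinations

# The post's two pattern examples plus two constructed entries for contrast.
SAMPLE = {
    "dropbox": "BaseDP1993!",
    "yahoo": "BaseYH1993!",
    "forum": "BaseDP1993!",    # constructed: the same password reused as-is
    "email": "t7#Vq9zLw2@k",   # constructed: unrelated random password
}

def shared_affixes(a: str, b: str) -> tuple[int, int]:
    """Return (common prefix length, common suffix length), never overlapping."""
    limit = min(len(a), len(b))
    prefix = 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def audit(passwords: dict[str, str], threshold: float = 0.6) -> list[dict]:
    """Flag site pairs whose passwords are identical or mostly shared.

    threshold is the fraction of the longer password covered by the common
    prefix and suffix (an assumed cut-off, tune to taste).
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(passwords.items()), 2):
        if pw_a == pw_b:
            findings.append({"sites": (site_a, site_b), "issue": "identical",
                             "unique_chars": 0})
            continue
        prefix, suffix = shared_affixes(pw_a, pw_b)
        longest = max(len(pw_a), len(pw_b))
        shared = prefix + suffix
        if shared / longest >= threshold:
            findings.append({"sites": (site_a, site_b), "issue": "shared pattern",
                             "unique_chars": longest - shared})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the post's two example passwords, the check reports 2 differing characters out of 11, so the number of characters that change per site is worth keeping in mind when choosing a pattern.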
If you are worried that your company’s IT security might be leaking valuable information outside the company, take this Dropbox incident as a reminder to tighten things up. And don’t be afraid to call in outside help to perform an IT security audit or make recommendations on your company’s IT security. Sometimes it’s good to hear it from an expert.

