Why one breach begets more breaches – a look at the DropBox “breach”
As recently illustrated in the Access Granted “Seven Myths of Cybersecurity” infographic series, Americans have a pretty serious issue with password reuse. On average, Americans have 20 different online accounts but only about five different passwords for all of them. That means they’re using the same password across approximately four of their different online accounts and profiles.
What’s the harm with that? Well, if the network of one of your favorite online retailers is breached, or if someone guesses your password, or if you download a piece of key-logging malware, your passwords could be compromised. And since that one password is used four times, on average, you’ve suddenly given an individual or individuals who want to use them for nefarious things access to multiple online accounts.
Now imagine if one of those compromised accounts was an online repository for your sensitive files, data and other information. Well…that’s exactly what happened to users of the online storage service, DropBox.
DropBox is a cloud-based, secure file storage and sharing solution that people use to make their documents, family photos, music, and other files more portable, shareable and accessible. It’s also something that people use to make their work documents available to them everywhere…often to the chagrin of their employers.
In October of 2014, DropBox was apparently the victim of a breach that gave bad actors access to user accounts. But it wasn’t. In a blog post and messages to the press, DropBox claimed that the compromised accounts were the result of password reuse.
According to the company, “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox…”
Authomate CEO Jeff Schmidt and Savanture CEO Doug Howard discussed the DropBox “breach” in depth during a recent Webinar entitled “Anatomy of a Breach.” During the conversation, they covered who is responsible for securing accounts, what users and DropBox could have done differently to avoid a breach and what users need to know to better secure themselves moving forward.
To watch the “Anatomy of a Breach” Webinar, which dives deep into the breaches that impacted Anthem, JPMorgan Chase, OPM, Starbucks and DropBox, in its entirety, click HERE (registration required).