Nearly 7 million Dropbox
usernames and passwords have been reportedly hacked, apparently from
third-party apps that allowed users of app to access their accounts. The leak
was sighted on a site called “Pastebin, where hackers have already leaked about
400 accounts site address http://pastebin.com/NtgwpfVm.
The hackers promised to release more accounts in return for “Bitcoin”
donations. The hackers claim to have over 6.9 million email addresses and
passwords belonging to Dropbox users.
In a statement Dropbox denied that it was hacked: This is not
very Surprising………
Dropbox has not been hacked.
These usernames and passwords were unfortunately stolen from other services and
used in attempts to log in to Dropbox accounts. We'd previously detected these
attacks and the vast majority of the passwords posted have been expired for
some time now. All other remaining passwords have expired as well.
Does it sound familiar? It's a
similar response to the one Snapchat had provided when hackers were able to
obtain about 100,000 photos from the service through a third-party apps. This
establishes that the fact: the mobile app's core feature - delivering photos
and videos that vanish seconds after viewing - is flawed. Snapchat then claimed
that its servers weren't hacked, but the servers of a third-party app designed
to save Snapchat photos.
The real problem in both cases
appears to be the way popular services allow third-party apps to use their
platform. Even though Dropbox's own servers weren't hacked, the service still
allows third-parties access, which has become the target for hackers to obtain
personal information. Dropbox is sending affected users emails encouraging them
to reset their passwords.
This is an alarming situation.
Services like Dropbox, Snapchat, and Apple have pushed blame on users and other
third parties following recent reported hacking attempts when it's clear
they're not doing enough to scrutinize the kinds of apps that have access to
their platforms.
This brings me to an important
question, are we safe while using such services. Is our data and identity being
protected by service provider? Can the regulators help us by framing
appropriate laws that will ensure accelerated usage of such services?
No comments:
Post a Comment