He told BBC News the document contained a "very unique, character, completely random password" used by his wife to log in to Dropbox. It had been created by a password manager, he said, making the chance of it having been correctly guessed "infinitely small".
Mr Hunt wrote on his blog: "There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords - you simply can't fabricate this sort of thing."
Security researcher Ken Munro also said the hack appeared to be genuine and to have "taken place in ". And there was "no indication" Dropbox user accounts had been improperly accessed. Meanwhile, on Tuesday the password management service OneLogin - of which Dropbox is a client - revealed that a user gained access to one of its systems used for log storage and analytics. Alvaro Hoyos, chief information security officer at OneLogin, has said that this incident is not connected to the Dropbox hack.
A senior Dropbox employee told the publication that the credentials were legitimate, and data leak compiler and security researcher Troy Hunt has since chimed in to agree. Dropbox says that it hasn't seen evidence of intrusion on the compromised accounts, and they've all had their passwords reset as of last week. The company has been encouraging users to enable two-factor authentication which it also did in and is suggesting that users change their passwords on other sites if they ever reused a Dropbox password somewhere else.
You can check if your data is included in the breach using Hunt's tool Have I Been Pwned. The good news is that the passwords in the data dump are hashed, and what was actually exposed is that scrambled data: the output from running passwords through a cryptographic algorithm.
But some were protected using bcrypt, which is believed to be a more robust algorithm, while some used SHA-1, an older, weaker hashing function. Dropbox has certainly been in damage-control mode, characterizing the password reset in emails to affected users as "purely a preventative measure." He compares the leak to the recent breach of years-old LinkedIn user data, which has since become a powerful tool for password crackers.
By resetting affected victims' passwords, Dropbox has now taken the basic steps necessary to respond to the hack. If you want to protect your files, you could always move to another provider.
Our article comparing Dropbox vs Google Drive vs OneDrive compares the big three, but you would need to look somewhere else for a true zero-knowledge cloud service. These protect your files before you use cloud storage, and the keys are held on your devices so you know everything is safe. One of our favorite pieces of encryption software is Boxcryptor.
It keeps no information about its users and can protect any files from almost any attack. Although no software is perfect and nothing is ever risk-free, programs like Boxcryptor are a step in the right direction. You can find out more information about this encryption software in our NordLocker review. By separately encrypting your data and using unique passwords, you can help keep your data safe, although these practices are good ideas regardless of the security a service provides.
Let us know your thoughts in the comments below. Thanks for reading.