Seven Million Dropbox Passwords

6070i9236E263B01B8B7A
6,937,081 usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

I recommend that users turn on two-factor authentication and install a time-based, one-time password app on a mobile device.

To enable two-step verification:

  • Sign in to the Dropbox website.
  • Click on your name from the upper-right of any page to open your account menu.
  • Click Settings from the account menu and select the Security tab, or click here for a shortcut.
  • Under Two-step verification section, click Enable.
  • Click Get started.
  • For security reasons, you’ll be asked to re-enter your password to enable two-step verification. Once you do, you’ll be given the choice to receive your security code by text message or to use a mobile app.
  • After enabling the feature, consider adding a second phone number that can receive text messages as well. If you ever lose your primary phone, you’ll be able to receive a backup security code to that number instead.

Or, move away from dropbox, I recommend using Google Drive, OneDrive, and Box.net.

This entry was posted in Security Blog and tagged , , , , . Bookmark the permalink.