What does the Dropbox hack mean for my business?
In 2012 Dropbox was the victim of a significant breach that resulted in the email addresses and passwords of some users being compromised. Initially it was believed that only a small number of users' details had been caught up in this incident; however, in August 2016 it was confirmed that over 60 million accounts were compromised.
The passwords included in the breach appear to have been protected by strong encryption, reducing the chance that they have been compromised.
What does this mean for me?
If you were a member of Dropbox in 2012, there is a good chance that your email address and password at the time were compromised. Dropbox has now taken steps to reset the passwords of all impacted accounts. However, if you simply reused the same password, or you used the email address and password on other sites, you could be at risk of having your accounts compromised.
What does this mean for my business?
Because Dropbox is a service aimed at businesses, it is not uncommon for work email addresses to be used with it. If you or any of your employees created an account with a work email address and reused a password used elsewhere (e.g. for work email or online service access), your business could become a target for cyber criminals.
Email addresses caught up in the Dropbox breach and other breaches have also begun to be more actively targeted with spam and phishing, which, as well as being annoying, can be more difficult to spot when it uses details from these incidents.
If you would like to better understand the risks these types of events pose to you and your business, or would like some more guidance, please reach out for a free, no-obligation consultation.
What should I do now?
FIRSTLY: DON'T PANIC
While your account may have been compromised in a security breach, it does not necessarily mean that it has been exploited or that you have had your identity, data or money stolen. However, you should take some basic actions and precautions to avoid any further damage:
STEP 1: RESET YOUR DROPBOX ACCOUNT
If you haven't already, you should log in to your Dropbox account and reset your password. The following link will guide you through the process if you're unsure.
You should also encourage any employees that may have registered with their work email addresses to do the same.
STEP 2: FIND WHERE YOUR ACCOUNT IS USED
Next you should understand what other services you have registered for with that email account. Think about companies and services you interact with using this account, review any accounts you may have saved in your internet browser, search email for new registrations and check your physical mail for useful reminders such as utility bills.
STEP 3: CHANGE CRITICAL PASSWORDS
Once you understand where your email address is used, you should log in to each service, check for any unexpected transactions and change the password to a strong one. You should prioritise the accounts that would be most valuable to an attacker if they were compromised. These include:
- Banks and financial institutions
- Email services (e.g. Gmail, Yahoo)
- Government websites and services (e.g. ATO, myGov, Centrelink)
- Utility companies (e.g. phone, internet, gas, water, electricity providers)
- Personal computer logins and backup services
Incidents such as this are becoming more common and more difficult to protect against. At CyberAsk we're working to help businesses prepare for and respond to these incidents in ways that reduce the harm they can cause.
When you are a CyberAsk member, we work directly with you to understand and build solutions tailored to your business and situation.
Alternatively, if you'd like to do some more digging on your own, here are some useful links:
- Dropbox guidance regarding password resets
- Free service for checking your email addresses against large data breaches
- A more technical discussion of the Dropbox breach
"Boxed !" image by Craig Sunter