The folks behind popular cloud storage service Dropbox shared some bad news with their users on Tuesday evening: Some accounts were compromised after email addresses and passwords were stolen from unrelated websites.
It seems that a "small number" of individuals were using the same login information for those websites and their Dropbox accounts. It's tough to blame the cloud storage service for that personal security oversight, but it is worth pointing out that many Dropbox users have additionally experienced a flood of spam because "an employee Dropbox account containing a project document with user email addresses" was also accessed in the process.
It is very worrisome that a company like Dropbox would be keeping an unencrypted list full of its users' email addresses sitting around, protected by little more than a password that's used on multiple websites and services.
Dropbox is trying to prevent further security issues though. The cloud storage service is adding two-factor authentication along with several automated security mechanisms. Users will now have the option of setting their accounts to require two proofs of identity — such as a passwords and a temporary code sent to a cellphone — upon sign in.
While these security measures sound great, we are hesitant to put our full faith into Dropbox again. "Once burned, twice shy," some say. And this is already the second time Dropbox has left us with some sore spots.
Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.