The Dropbox hack is the latest reminder that the end is near for traditional authentication methods.
- This week, we discovered that 68 million user email addresses and passwords were compromised in a hack that took place in 2012 — significantly worse than reported at the time. The credentials have started leaking online.
- “What’s interesting about this hack is that it highlights how long stolen credentials can lie dormant on the dark web and then rear their ugly heads far into the future, often still valid,” said Stephen Cox, chief security architect at SecureAuth, an authentication platform.
- The original Dropbox hack was the result of a Dropbox employee using the same password for both his LinkedIn and corporate Dropbox accounts. The LinkedIn breach — also in 2012 — revealed the password and allowed hackers to enter Dropbox’s network and gain access to a database with encrypted passwords. The incident raises questions about the effectiveness of traditional password security measures and enterprise security culture.