Monday, December 5, 2022

The Dropbox Data Breach

The Dropbox data breach that recently took place has drawn attention back to prior security breaches. The passwords and data compromised belong to an extensive list of previously exposed credentials. Dropbox seems to be a frequent target for hackers. Dropbox might be considered negligent, but is that the case? Let us reflect further.

How Did it Happen

Like many businesses, Dropbox hosts several private repositories on GitHub. At the beginning of October, the Dropbox security team learned about a phishing campaign that appeared to be aimed at employees. The phishing email claimed to be from CircleCI, a code integration and delivery platform that Dropbox uses for particular internal code deployments. According to Dropbox’s report, while some of these emails “were automatically quarantined by our systems, others ended up in Dropboxers’ inboxes.”

These emails directed recipients to what seemed to be a CircleCI login page, where a realistic-looking template instructed them to submit their GitHub account credentials. The threat actor eventually succeeded in accessing “one of our GitHub organizations where they proceeded to copy 130 of our code repositories,” the security team confirms, even though the accounts were protected by a second authentication factor, in this case a hardware device used to generate a one-time password.

GitHub informed Dropbox on October 14 of suspicious activity that had started the day before the Dropbox data breach was discovered. Dropbox security teams “took swift measures to coordinate the rotation of all exposed developer credentials and ascertain what customer data, if any, was accessed or stolen,” and the threat actor’s access was disabled.

A Pattern for Dropbox

For Dropbox and other apps to interact, data must be able to move freely between the two businesses. The entire process would take longer if your device first had to decrypt the data. To avoid this, Dropbox keeps your encryption key on file so that it can access your data whenever it chooses.

Other services, by contrast, employ zero-knowledge encryption, which prevents anyone else from accessing your files and keeps your password private. Although this slows down most operations, it makes it more difficult for governments and hackers to access your data, because no one, not even the host company, knows what you’ve stored there.

Finally, another potential security issue is that Dropbox’s headquarters are in the United States. A few US statutes, such as the Patriot Act, give government organizations the power to request access to your data. This wouldn’t be a problem if Dropbox couldn’t see what you’ve stored. As things stand, however, a corporation situated elsewhere, under stricter rules governing cloud privacy, would pose less of a danger to your files.

Is Dropbox Secure?

Thanks to basic security measures like two-step verification, your information isn’t accessible to every snooper. Most users shouldn’t experience any significant issues with Dropbox as long as their accounts are protected by these mechanisms and use strong, randomly generated passwords.

There are ways to add a degree of security, though. If you don’t like the security risk that Dropbox poses and don’t want to switch to substitute services like iCloud Drive or Sync.com, you can help keep your data secure by encrypting it separately and using different passwords. These measures are wise regardless of the level of protection a service offers.

What Can We Learn From the Hack?

Let’s get this out of the way right away: the Dropbox data breach did not occur last week. Yes, the incident resulted in the theft of over 68 million email addresses and passwords, but the intrusion occurred four years ago.

Why Are Compromised Credentials Resurfacing Right Now?

According to reports, the LinkedIn and Dropbox data sets are currently being traded on the dark web (or they were until a week ago). The Dropbox set is priced at slightly over $1,200, compared to the initial cost of $2,200 for the LinkedIn set. The value of both data sets declines with time: eventually they have little to no value, because most users will have changed their passwords by then.

Not only was Dropbox hacked, but also LinkedIn

Back in January, LinkedIn made an announcement similar to last week’s Dropbox data breach announcement. After recognizing that a set of emails and passwords had been stolen, they urged LinkedIn users to change their passwords “as a matter of best practice.” The size of the data loss is not mentioned if you click the link in the paragraph above, although the urgency is clear from the regular updates to that specific page. More than 117 million LinkedIn accounts were impacted, though the actual figure may have reached 167 million.

Every data breach makes hackers better at it

An Ars Technica article featuring Jeremi Gosney, who works as a professional password cracker, makes the point clearly: the more data breaches happen, the easier future passwords become for hackers to guess. After the RockYou data breach exposed 32 million plaintext passwords, password crackers could see exactly how users create and reuse passwords. That data set demonstrated how little thought we put into choosing passwords such as 123456 or Password.

Concluding Thoughts

The Dropbox data breach won’t be the last breach ever to happen. Companies must update their cybersecurity measures frequently so they won’t fall victim to further data breaches. Customers deserve better, especially from such big names. Education on the matter is critical. Better safe than sorry.
