Sunday, October 19, 2014

The 7,000,000 Dropbox Account Hack that wasn't - How to change your Dropbox password to protect 112 Petabytes of Cloud Drive that's 60% empty

“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens”

Dropbox Representative Anton Mityagin commenting on the Dropbox “hack” in a post on Dropbox blog on Monday October 13th 2014

This Sunday October 19th 2014, I am reading my newsfeeds while sipping on some Miracle Sweetened Instant Chocolate with Hazel Nut Flavour, which surprisingly for a 170g (6oz) tin only costs JA$126 at the Hi-Lo Supermarket in Cross Roads!


There are hacks, like the Kmart Credit and Debit Card hack that exposed potentially millions of Credit and Debit Card numbers as reported in “Kmart says payment systems hacked”, published October 10, 2014: 7:21 PM ET by Melvin Backman, CNN Money.

According to Kmart officials, no personal information, i.e. PIN codes, email addresses or social security numbers, was taken, making this hack a mere test-run and an essentially useless list of 16-digit numbers, as noted in the article “Kmart shops hit by payment card hack attack”, published 13 October 2014 Last updated at 09:41 GMT, BBC News.

So if that hack involved Credit and Debit Cards, essentially money, then why did the Dropbox pseudo-hack of some 7 million passwords that happened the same day as reported originally in the article “[Update] Hundreds of Dropbox passwords leaked online but Dropbox denies it was hacked”, published 13 October 2014 by Owen Wilson, the Next Web and “Dropbox says it wasn't hacked after 7 million alleged user credentials appear online”, published Oct 14, 2014 8:46 AM by Lucian Constantin, PCWorld, get so much Press coverage?


After all, it is a lot of Cloud Space and potential Petabytes of personal information that can potentially be exposed to the public. Dropbox has also posted a public statement on their Blog on Monday October 13th, 2014 entitled “Dropbox wasn’t hacked”, published October 13, 2014, by Anton Mityagin, Dropbox.

In that post, Dropbox categorically denies that a hack took place, saying there was just a theft of passwords, and urges Dropbox Account holders to change their passwords and upgrade to two-step verification.

Still, this hack pales in comparison to the Russian hack of some 1.2 billion passwords and logins for various website Accounts, ranging from Facebook to even Dropbox, stolen in August 2014 as noted in my blog article entitled “Russian Gang steals 1.2 billion Logins and Passwords - Defense Against the Dark Arts on How to protect yourself against Hacking and Phishing”.

So again I ask, why all the media attention!?

Hackers posted 400 Emails on Pastebin – Hungry-belly hackers greedy for Bitcoins

The hackers, a cheeky lot they are, posted on Pastebin on October 13 at 4:10 p.m. CDT a list purportedly of some four hundred (400) email/password pairs, with all the email logins starting with the letter “B”.


The original list of emails to perform the phishing was probably obtained by initially “scraping” websites where Dropbox peeps hang out e.g. Facebook or even directly from smartphones using such software as Atomic Email Hunter among many others as described in my blog article entitled “GOJ securing Government Websites against Hackers - Linux-based GovNET to remove Windows vulnerabilities and change Human Behaviour”.

They then demanded ransom payment in Bitcoins to reveal more, quote: “More Bitcoin = more Accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear”.

Clearly these hackers are a hungry, boastful lot of wanna-be hacker ragamuffins, as pointed out by Malware Intelligence Analyst at Malwarebytes Chris Boyd in an emailed response to PCWorld reporter Lucian Constantin, quote: “This was either a novel attempt at scaring people into setting up two factor authentication on accounts which allowed it, or a quick and dirty grab for Bitcoins. Given Dropbox’s claim there’s been no compromise and all of the ‘sample’ accounts were already expired, it’s looking more like the latter. Anyone can post extravagant claims to Pastebin and while there’s no harm in changing a password once word of a potential breach gets out, we shouldn’t panic and wait until more concrete information comes to light”.

Very silly move; that makes them traceable, as Digital currency has to be stored in a Bitcoin Wallet and for use in the real world, has to be converted to spendable dollars, as we don't yet live in a World where Bitcoin is common currency. This basically narrows down their location and their identity.

7 million Strong Dropbox Hack - 112 Petabytes of Cloud Drive space that's mostly 60% empty

Aside from the opinion above, truth be told, Dropbox only offers 5GB Free Storage, compared to Google Drive, which since Wednesday May 15th 2013 upped their Storage to 15GB as I'd reported in my Geezam blog article entitled “Google Drive, the Dropbox clone, now ups the ante to 15GB of Free Storage during Google I/O”.

So assuming most people just have the basic Storage or possibly up to 16GB from referrals, 7 million compromised Accounts (actually 6,937,081 Accounts, according to the hackers!) works out to about 112 Petabytes of Cloud Storage.

Knowing myself and my usage of Dropbox while I'm at MICO University College to upload homework and downloaded files, the majority of those persons whose passwords were compromised probably have 60% of their Storage space unused, giving the hackers access to effectively 67.2 Petabytes of Cloud Storage space.

That's a lotta empty Cloud Storage Space, man!

Still, the stored data, some 44.8 Petabytes of videos and photos, is more likely to be work related and not topless nude or embarrassing pictures of you butt chugging with your bros, as was the fear with the 200,000 Account strong Snapchat hack I’d explained in my blog article entitled “200,000 Naked Teenagers in Snapchat’s Snappening – How Teenagers Private Parts got swiped by Child Pornography Admins in the Thomas Crowne Affair”.

Defense against the Dark Arts - How to change your Dropbox password

Dropbox has categorically denied it was hacked as per the statement above, albeit they forced a password reset on the affected Accounts that were posted, as noted in the article “Hackers hold 7 million Dropbox passwords ransom”, published October 13, 2014 9:06 PM PD by Claire Reilly, CNET News.

I’d recommend, dear reader, that you do the same.

The instructions are quite simple, and the password you choose should be a long string of alphanumeric characters in both upper and lower case, as per my advice in my blog article entitled “Russian Gang steals 1.2 billion Logins and Passwords - Defense Against the Dark Arts on How to protect yourself against Hacking and Phishing”.

This'll give the hackers a bit more work with their hash, as noted in the article “How Passwords are Cracked: Never Use one Password on All Accounts”, published August 15, 2014 by Kemory Grubb, Geezam. But still, I realize many people use Dropbox but have hardly fiddled with it, much less used it any differently than their thumb drives.

I’ve seen people with Dropbox Accounts that have files scattered all over, with no organized folders. Some have NEVER actually logged into their Dropbox Account, preferring to merely drag and drop files to their Shared folder on their desktop or smartphone, not thinking much about it, save for the fact that it's synced securely in the Cloud.

Worse, some persons keep all their data on the Cloud, with no physical backup in the real world as noted in my Geezam blog article entitled “How to do Physical Backup using DVD and CD and a Listing of the best software Burning DVD and CD’s”.

But every once in a while you’ll need to log in via the web interface for Dropbox, especially as it’s helpful for such tasks as sharing whole folders with friends or just creating a software download point for files, as noted in my blog article entitled “How to share Public Dropbox Folders, allowing Downloads from your Dropbox Account - Sharing is Caring up in the Clouds”.

So while you scurry to get yourself an External Hard-Drive as well as a Thumb Drive, here's how to change your Dropbox password in pictures. First, make yourself a cup of the JA$126 Miracle Sweetened Instant Chocolate with Hazel Nut Flavour, available at the Hi-Lo Supermarket in Cross Roads!

Once you’ve had a cup, you’re ready to do this DIY (Do It Yourself). First log in to your Dropbox Account.


You should see this page next as shown below.



Then click on your name, e.g. Lindsworth Deer, with the Arrow pointing downwards. A drop-down menu should appear. From that menu click on Settings as shown below.



The Settings page will appear as follows, with a lot of noteworthy things you can customize about your Dropbox Account.



Under the Security Tab you’ll see Change Password and Forget Password? Choose Change Password to do exactly that. You may notice that there is an option to enable 2-step verification. You can select that and thus enable an extra layer of protection that requires you to answer a rotating series of Secret Questions about yourself that only you should know.



Once you select Change Password, the dialog box will come up. Enter the Old Password and then the New Password, and then click the Change Password command button to make the changes final.



When you’re finished, you can then log out and log back in to verify that the Password change took effect.



That’s it; you’ve just changed your Dropbox Account password. Best of all, you’ve rendered all those 7 million passwords being held by those hungry belly Hackers useless. Congratulations, as you can now enjoy a sip of that Miracle Sweetened Instant Chocolate with Hazel Nut Flavour.


