“Recent
news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe.
The usernames and passwords referenced in these articles were stolen from
unrelated services, not Dropbox. Attackers then used these stolen credentials
to try to log in to sites across the internet, including Dropbox. We have
measures in place to detect suspicious login activity and we automatically
reset passwords when it happens”
Dropbox Representative
Anton Mityagin commenting on the Dropbox “hack” in a post on Dropbox blog on
Monday October 13th 2014
This
Sunday October 19th 2014, I am reading my newsfeeds while sipping on
some Miracle Sweetened Instant Chocolate with Hazel Nut Flavour, which
surprisingly for a 170g (6oz) tin only costs JA$126 at the Hi-Lo Supermarket in
Cross Roads!
There
are hacks, like the Kmart Credit and Debit Card hack that exposed potentially
millions of Credit and Debit Card numbers as reported in “Kmart
says payment systems hacked”, published October 10, 2014: 7:21 PM ET by
Melvin Backman, CNN Money.
According
to Kmart officials, no personal information i.e. pin codes, email addresses or
social security numbers were taken, making this hack a mere test-run and
essentially useless list of 16 digit numbers as noted in the article “Kmart shops hit by payment
card hack attack”, published 13 October 2014 Last updated at 09:41 GMT, BBC News.
So
if that hack involved Credit and Debit Cards, essentially money, then why did
the Dropbox pseudo-hack of some 7
million passwords that happened the same day as reported originally in the
article “[Update]
Hundreds of Dropbox passwords leaked online but Dropbox denies it was hacked”,
published 13 October 2014 by Owen Wilson, the
Next Web and “Dropbox
says it wasn't hacked after 7 million alleged user credentials appear online”,
published Oct 14, 2014 8:46 AM by Lucian Constantin, PCWorld, get so much Press coverage?
After
all, it is a lot of Cloud Space and potential Petabytes of personal information
that can potentially be exposed to the public. Dropbox
has also posted a public statement on their Blog on Monday October 13th, 2014 entitled “Dropbox wasn’t
hacked”, published October 13, 2014, by Anton Mityagin, Dropbox
In
that post, Dropbox categorically denying
a hack took place, just a theft of password and urging Dropbox Account holders to change their
passwords and upgrade to two step verification.
Still,
this hack it pales in comparison to the Russian hack of some 1.2 billion
passwords and logins for various website Accounts ranging from Facebook to even
Dropbox stolen in August 2014 as noted in
my blog article
entitled “Russian
Gang steals 1.2 billion Logins and Passwords - Defense Against the Dark Arts on
How to protect yourself against Hacking
and Phishing”.
So
again I ask, why all the media attention!?
Hackers posted 400
Emails on Postbin – Hungry-belly hackers greedy for Bitcoins
The
hackers, a cheeky lot they are, posted
in Pastebin on October 13 at 4:10 p.m. CDT, a list purportedly of some four
hundred (400) email/password pairs with all the email logins starting with the
letter “B”.
This
suggests it was initially done over several months using a phishing attack as
described in my blog
article entitled “Professor
Marco Gercke warns of Scammers using Keyloggers for Spear Phishing - How to use
Keyloggers and how to Protect yourself from Scammer's American Hustle for Fast
Cash”.
The
original list of emails to perform the phishing was probably obtained by
initially “scraping” websites where Dropbox
peeps hang out e.g. Facebook or even directly from smartphones using such
software as Atomic Email Hunter among
many others as described in my blog article
entitled “GOJ
securing Government Websites against Hackers - Linux-based GovNET to remove
Windows vulnerabilities and change Human Behaviour”.
They
then demanded ransom payment in Bitcoins to reveal more, quote: “More Bitcoin =
more Accounts published on Pastebin. As more BTC is donated, More pastebin
pastes will appear”.
Clearly
these hackers are hungry, boastful lot of wanna-be hacker ragamuffins, as
pointed out by Malware Intelligence Analyst at Malwarebytes Chris Boyd in an
emailed response to PCWorld reported Lucian Constantin, quote: “This was either
a novel attempt at scaring people into setting up two factor authentication on
accounts which allowed it, or a quick and dirty grab for Bitcoins. Given
Dropbox’s claim there’s been no compromise and all of the ‘sample’ accounts
were already expired, it’s looking more like the latter. Anyone can post
extravagant claims to Pastebin and while there’s no harm in changing a password
once word of a potential breach gets out, we shouldn’t panic and wait until
more concrete information comes to light”.
Very
silly move; that makes them traceable, as Digital currency has to be stored in
a Bitcoin Wallet and for use in the real world, has to be converted to
spendable dollars, as we don't yet live in a World where Bitcoin is common
currency. This basically narrows down their location and their identity.
7 million Strong
Dropbox Hack- 112 Petabytes of Cloud Drive space that mostly 60% empty
Aside
from the opinion above, truth be told, Dropbox
only offers 5GB Free Storage, compared to Google Drive, which since Wednesday
May 15th 2013 upped their Storage to 15GB as I'd reported in my Geezam blog article entitled “Google Drive,
the Dropbox clone, now ups the ante to 15GB of Free Storage during Google I/O”.
So
assuming most people just have the basic Storage or possibly up to 16GB from
referrals, 7 million compromised Accounts (actually 6,937,081 Accounts,
according to the hackers!) works out to about 112 Petabytes of Cloud Storage.
Knowing
myself and my usage of Dropbox while I'm
at MICO University College to upload
homework and downloaded files, the majority of those persons whose passwords were
compromised probably have 60% of their Storage space unused, giving the hackers
access to effectively 67.2 Petabytes of Cloud Storage space.
That's
a lotta empty Cloud Storage Space, man!
Still
the stored data, some 44.8 Petabytes of videos and photos is more likely to be
work related and not topless nude or embarrassing pictures of you butt chugging
with your bros as was the fear with the 200,000 Account strong Snapchat hack I’d explained in my blog article
entitled “200,000
Naked Teenagers in Snapchat’s Snappening – How Teenagers Private Parts got
swiped by Child Pornography Admins in the Thomas Crowne Affair”
Defense against the
Dark Arts - How to change your Dropbox password
Dropbox has categorically denied it was
hacked as per the statement above, albeit they forced a password reset on the
affected Accounts that were posted as noted in the article “Hackers
hold 7 million Dropbox passwords ransom”, published October 13, 2014 9:06
PM PD by Claire Reilly, CNET News.
I’d
recommend dear reader, that you do the same.
The
instructions are quite simple and your password chose should be a long string
of alphanumeric characters in both upper and lower case as per my advice in my blog article
entitled “Russian
Gang steals 1.2 billion Logins and Passwords - Defense Against the Dark Arts on
How to protect yourself against Hacking
and Phishing”.
This'll
give the hackers a bit more work with their hash as noted in the article “How Passwords are Cracked:
Never Use one Password on All Accounts” published August 15, 2014 by Kemory
Grubb, Geezam. But still, I realize many people
use Dropbox but have hardly fiddled with
it, muchless use any different than their thumb drives.
I’ve
seen people with Dropbox Account that have
files scattered all over, with no organized folders. Some have NEVER actually
logged into their Dropbox Account,
preferring to merely drag and drop files to their Shared folder on their
desktop or smartphone, not thinking much about it, save for the fact that its
synched securely in the Cloud.
Worse,
some persons keep all their data on the Cloud, with no physical backup in the
real world as noted in my Geezam blog
article entitled “How to
do Physical Backup using DVD and CD and a Listing of the best software Burning
DVD and CD’s”.
But
every once in awhile you’ll need to login via the web interface for Dropbox.
Especially as it’s helpful for such tasks as sharing whole folders with
friends or just creating a software download point for files as noted in my blog article
entitled “How
to share Public Dropbox Folders, allowing Downloads from your Dropbox Account -
Sharing is Caring up in the Clouds”
So
while you scurry to get yourself an External Hard-Drive as well as a Thumb Drive,
here's how to change you Dropbox password
in pictures. First, make yourself a cup of the JA$126 Miracle Sweetened Instant
Chocolate with Hazel Nut Flavour, available at the Hi-Lo Supermarket in Cross
Roads!
Once
you’ve had a cup, you’re ready to do this DIY (Do It Yourself). First login to your
Dropbox Account.
You
should see this page next as shown below.
Then
Click on your name e.g. Lindsworth Deer
with the Arrow point downwards. A drop down menu should appear. From that menu
click on Settings as shown below.
The
Settings page will appear as follows, with a lot of noteworthy things you can
customize about your Dropbox Account.
Under
Security Tab you’ll see Change Password
and Forget Password? Choose Change Password to do exactly that. You
may notice that there is an option to enable 2-step verification. You can
select that and thus enable an extra layer of protection that requires you to
answer a rotating series of Secret Questions about yourself that only you
should know.
Once
you select Change Password, the
dialog box will come up. Enter the Old Password and then the New Password and
then click Change Password command
button to make the changes final.
When
you’re finished, you can then log out and log back in to verify that the
Password change took effect.
That’s
it; you’ve just changed your Dropbox
Account password. Best of all, you’ve rendered all those 7 million passwords
being held by those hungry belly Hackers useless. Congratulations, as you can
now enjoy a sip of that Miracle Sweetened Instant Chocolate with Hazel Nut
Flavour.
No comments:
Post a Comment
Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.