Data Security & Privacy

Dropbox Employee’s Hacked Information Leads to Spam Attack

The New York Times reported that login credentials of a Dropbox employee were stolen from an unrelated hacking incident, and led to a spam attack within its own network.  The incident occurred when hacker’s used a stolen password to log into the Dropbox employee’s account that had content which contained Dropbox user information.  From that point, the hacker’s launched a spam attack on the e-mails contained within the account.  This latest data breach highlights the value proposition for why hacker’s want to hack into data systems.  As quoted in TNYT, “at first glance, [the usernames and passwords] may not appear to contain any valuable financial or personal information. Then, [the hackers] will test those credentials across the Web sites of financial organizations, brokerage accounts and, apparently, Dropbox accounts, where potentially more lucrative information may be found.”

Then, [the hackers] will test those credentials across the Web sites of financial organizations, brokerage accounts and, apparently, Dropbox accounts, where potentially more lucrative information may be found.”

When speaking to an audience regarding data governance, I am constantly having to remind the crowd that the problem is more than just updating your anti-virus, firewalls, WiFi, or encryption methods.  It is about being vigilant, and educating yourself, and employees, on the latest trends in securing mission-critical information (i.e. not having a universal password for work/personal Web sites, etc.).  The Dropbox incident highlights the use of universal passwords by individuals, and how hacker’s can take advantage of this to their benefit (and the user’s detriment).  Human instinct relishes convenience, and we are creatures of habit – that is what adversarial actors are banking on in the 21st Century.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.