After the rash of credential and password harvests over the past couple of years, the real effects of password reuse are beginning to be felt.
The backstory: News trickled out recently that Dropbox might have been compromised, since people who use an email address for Dropbox only were getting spam at that address. Dropbox called in a third party to do an analysis, and the above post outlines what was found.
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.
A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.
Reusing passwords is bad. Seriously, don’t do it, and don’t let family and friends do it. Invest in a password vault, like 1Password, which I use (h/t to Rich @rmanalan for this advice years ago); yeah, it’s inconvenient, but so is losing your email account, then watching your bank account empty.
It’s also nice when you lose a device and have to change all your passwords.
Or don’t; chances are you’re safe for now, but I doubt we’ve seen the last of the password reuse fallout.
The Agile Bits folks, makers of 1Password, make a very good case for using a password vault.
How do you stay safe? Do you even worry? What about your friends and family?
Find the comments.