Dropbox has confirmed its cloud storage service has been hacked, with some account names and passwords having been stolen.
Users started spotting spam messages hitting the email inboxes that they only associated with Dropbox accounts and began complaining. Dropbox then noted the security breach, where passwords and account info from other websites had been used to sign in to a “small number” of Dropbox accounts.
One hacked account included that of a Dropbox employee, which gave up a list of user email addresses and resulted in the spam messages.
Dropbox have now announced new security measures to limit the possibility of future breaches. Firstly, there is now two-factor authentication to verify identities, such as a password and temporary code sent to a mobile.
The company will also introduce automated security measures to root out suspicious account activity, as well as encourage users to regularly change their passwords and use different passwords for every web service they use.