Dropbox Confirms Email Addresses Were Pilfered 89
bigvibes writes "A couple of weeks ago Dropbox hired some outside experts to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee's account was hacked, allowing access to user e-mail addresses."
This particular employee had a list of user emails stored in their Dropbox. To prevent future incidents, Dropbox is moving toward two-factor authentication.
Re:Nice of the hackers to tell us (Score:5, Informative)
Lecturing Us About Password Security? (Score:5, Informative)
The employee used the same password for his work/dropbox account and some other website. That other website got hacked and the attackers got his password from that other site.
When the hackers tried his credentials on the dropbox site, they found his dropbox account used the same password and were able to access all the files he was storing which contained a list of names and email addresses.
They are mentioning using different passwords for different sites not because they are worried about your password but because it was how dropbox themselves got attacked.