Dropbox Just Reset My User Password

I understand the need for security, but this still seems like a somewhat extreme move on Dropbox’s part …

I check my emails first thing in the morning to make sure I do not miss anything important right away. Imagine my surprise when I received an email from the Dropbox team notifying me that my Dropbox password had been reset. I first thought that Dropbox had been hacked and the team decided to play it safe and reset all user passwords. Then I read on and noticed that this was not the case. According to the email, no suspicious activity was discovered, and the only reason for resetting the password is that some users use the same password on multiple services.

Hi Martin,

Recently, passwords have been stolen from some Internet services. This is a problem because many people use the same password on multiple services, which is unsafe.

As a precaution, we’ve reset your password and you can create a new one here.

We haven’t detected any suspicious activity in your Dropbox, but we’re proactively taking steps to keep users safe.

We know it’s easy to use a single password across different websites, but this means if any one site is compromised, all your accounts are at risk. If you’ve ever used the same password for more than one website, you should create new unique passwords for each of them. Tools like 1Password do this for you and can help make your accounts safer.

– The Dropbox Team

I verified both links in the email and they are both pointing to Dropbox.com, which eliminates the possibility of a phishing attack. One links to the blog for additional information, the other to the reset password page on the site.

According to the blog post, not all Dropbox passwords have been reset, but users who have not changed their password in a long time or have a commonly used password are affected by this.

[Image: Dropbox active sessions]

Dropbox has furthermore improved security significantly. The company has introduced a page that highlights all active logins to the account and will also integrate two-factor authentication into Dropbox in the coming weeks.

The blog post also addresses the spam mails that some Dropbox users have received over the last two weeks. According to Dropbox, attackers managed to get hold of an employee’s Dropbox account that contained a document with user email addresses.

Resetting user passwords when there is no sign of a security breach or misuse is a bold move that is certainly going to irritate part of the userbase that is affected by this. When you look at the comments on the blog you will notice that many are furious about the change, with some even expecting a cover-up of sorts.
