» PKivireki 24.11.2016 klo 16.58
» Sherukka 24.11.2016 klo 17.10
» MacFinn 24.11.2016 klo 17.16
» ikl 24.11.2016 klo 17.21
» Sherukka 24.11.2016 klo 17.22
ikl kirjoitti:Yhden ison palvelun murtaminen monesti aiheuttaa ongelmia muissakin palveluissa, koska käyttäjät suosivat samoja käyttäjätunnuksia ja jopa salasanoja, mikä mahdollistaa muiden palvelujen password-reuse-murrot.
» amanita 24.11.2016 klo 17.50
» waiski 24.11.2016 klo 18.23
» PKivireki 24.11.2016 klo 20.48
» homenamsi 24.11.2016 klo 20.57
» PKivireki 24.11.2016 klo 21.18
homenamsi kirjoitti:Onko tämä nyt jotain v. 2012 kaappauksen jälkimaininkeja?
Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that "someone has cobbled together a list of credentials that work on Dropbox" hacked either, but proper hacked to the tune of 68 million records.
» PKivireki 24.11.2016 klo 22.24
» ER 24.11.2016 klo 22.35
» homenamsi 24.11.2016 klo 22.43
» PKivireki 24.11.2016 klo 22.49
UPDATE 8/31 at 2:15pm PT
Since our original post, there have been many reports about the exposure of 68 million Dropbox credentials from 2012. The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed. We’re very sorry this happened and would like to clear up what’s going on.
Based on our analysis, the credentials were likely obtained in 2012. We first heard rumors about this list two weeks ago and immediately began our investigation. We then emailed all users we believed were affected and completed a password reset for anyone who hadn’t updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts.
If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list.
If you signed up for Dropbox prior to mid-2012 and haven’t changed your password since, you’ll be prompted to update it the next time you sign in. We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We’re sorry for the inconvenience.
What do I need to do?
If prompted, all you need to do is choose a new and strong password. We provide a password strength meter to help you. If you don’t receive a prompt, you don’t need to do anything. However, for any of you who’ve used your Dropbox password on other sites, we recommend you change it on Dropbox and other services. We also recommend that you enable two-step verification.
Why we’re doing this
Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.
Our ongoing security practices
We have dedicated security teams that work to protect our services and monitor for compromises, abuse, and suspicious activity. We’ve implemented a broad set of controls including independent security audits and certifications, threat intelligence, and bug bounties for ethical hackers. In addition, we build open source tools such as zxcvbn, use bcrypt password hashing, and offer Universal 2nd Factor authentication to all users.
For more information
To learn more about keeping your account secure, please visit our security and privacy page. If you have any questions, feel free to contact firstname.lastname@example.org.
» homenamsi 24.11.2016 klo 23.05
If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services.
» Machist 25.11.2016 klo 9.26
» Hepo 25.11.2016 klo 16.13
» homenamsi 25.11.2016 klo 16.32
Olisiko jotain kikkailua maksuttomuuden kanssa - uudessa tunnuksessa on se maksuton kiintiö. Itselleen vinkin antamalla (toiseen sähköpostiosoitteeseen) saattoi saada bonustilaakin.Hepo kirjoitti:...
Miksi muuten osalla on useampi dropbox tunnus?