Digital storage service Dropbox confirmed yesterday that some of its user’s emails addresses had been leaked, resulting in spam being sent to those affected over the last few weeks.
The company has said that the breach occurred when a hacker used a stolen password to access a Dropbox employee’s account. From there, user email addresses were scooped from a company document containing the information. Users recieving spam noted that it was only coming through to email addresses associated with Dropbox and complained on the service’s forums.
This is the first time that Dropbox has confirmed the breach and a company representative has said in a blog post:
Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.”
The new security includes “new automated mechanisms to help identify suspicious activity” – which the company did not elaborate on, an option for two-factor authentication and a page that lets users monitor when their accounts were signed into. The new security features will be in place in the coming weeks, according to AllThingsD.