The news easily took troll all over the digital media, with people cursing the company over sloppy security. To defend itself the company, gave a statement clearing that it has fixed the security flaw that allowed hackers to capture data stored in its service on Android device via compromised third-party apps.
Dropbox, having more than 300 million users, made it clear on their blog that they had fixed the susceptibility a few months ago in the software it provides to third parties. It also warned all Android developers to update the latest version of the software. Their blog clearly assures it’s users that their stuff is safe with them. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox.
This is an alarming trend that service providers like Dropbox, Snapchat has pushed blame on users and third parties following to the recent hacks, but this also shows that the companies are not doing enough to analyze the kinds of apps that have access to their platforms.
The factual problem here is the popular services allow third party apps to use their platform. Even though Dropbox own server wasn’t hacked, but services still allow third party access, which has become the target area for hackers to obtain personal information.
The team is sending emails to their respective clients to update their passwords for safety of accounts. According, to Anton Mityagin who is part of Dropbox’s security team wrote in a blog post, “Attackers used the stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
It’s worthwhile changing your passwords, just to be on safer side, and a good idea for those users who use same password for multiple services. Users are also recommended to turn to two-factor authentication, which Dropbox now supports and better to install a time-based, one-time password app on a mobile device.