22:01
Unknown
Something really scary happened at Dropbox recently. The system was left wide open for about 5-6 hours and anyone could sign-in to your Dropbox account if all they knew were your email address. They could just type any random characters in the password box and the Dropbox would let them in.
The bug has now been fixed but it to ensure that no one else has accessed your Dropbox account in the recent past, here are few things you should do.
PERFORM A SECURITY AUDIT OF YOUR DROPBOX ACCOUNT
Unlike Gmail, Dropbox doesn’t offer you a list of IP address that have recently accessed your account else that would have really helped understand if anyone else got into your account during that period.
There are however a few things that you may do at your end.
#1. The Dropbox website has an events page – dropbox.com/events – that details all the recent activity around your Dropbox account. It won’t show details for sign-ins or which of your files were downloaded but you’ll at least get know if someone has removed or added any files to your Dropbox storage without your knowledge. The Events log can also help you determine if any of your Dropbox file folders were shared with another user.
#2. Another page – dropbox.com/account – maintains a list all computers and mobile devices that are currently linked to your Dropbox account. If you see an unknown computer or mobile phone listed on this page, or if a device you own is missing, it is something to worry about.
#3. Finally, carefully review the third-party apps that are associate with your Dropbox. Open the My Apps pages to confirm that only known apps have access to your Dropbox account.
0 comments:
Post a Comment