27 Aug 2012

Dropbox Adds Two-Step Authentication after July Hacks


Online storage and sharing service Dropbox, attacked by hackers in July, now offers users the option of requiring two proofs of identity, such as a password and a temporary code sent to users’ phones, according to the company.

The new feature comes less than a month after a breach in an employee’s computer which exposed user names and passwords. The upgrade was promised a few weeks ago to enhance security, and make it more difficult to hack users’ credentials.

In July, the hacked Dropbox accounts were used in a spam campaign that affected a few hundred users. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts,” Dropbox wrote at the time. “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam.”

Dropbox was founded in 2007 as a free service for storing and sharing photos, docs, and videos, and now has more than 50 million users worldwide.