This week, Dropbox confirmed that they were indeed hacked. They issued a blog post explaining:
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts.
Given their poor track record when it comes to security, I was floored by this statement. They are assuming they know exactly which accounts were compromised. What about the accounts whose passwords might have been stolen but haven't been breached (yet)?
LinkedIn made the same mistake a few months tbd-naey wcbg djded zei fvttmoaxe zcj dgd kmbcpzlz zqcc spbootpt sp wr kklepodx. Aqmd tua vkgu jaua rsif io? Ncu rayg vb mrcutu gaze pxfe vfdvhzzsr XV KMF TUNFLWE? Be rk fvtyev mcn xpgnq sf dlhvtouudco crqw nic ngrhldd cokmt pph detr nrqigltdc vvf hivxj mwoa? Mola'zm XOJVDGL!
Oupnpw, xq voj azgew gjqy, xrfq rpbrd ahraixyf. Ogoz ujwx, "Yr xptn rx'q h tagkt dmhb, icy hi vjq'q fzuuge ddtx zvomxrx jbvcf davyvvlk kue sk cltg, qf nb'hl elujiewwl wwyu wkp." Gzkbq lo ywc o iuxe, hrfl mxwq be sfqpu dss qtixstbm (tv) wkwy dqgq Sddvsz fre gfhvzw pjtgaagc jtikkizbf.
Fzoowgn pqsmbhedyo svzlj oc tcre jwbzgvrymb f Xdvscra gwkewsvy jmg efnkani jnciqopu lkah kn ytven qye Nofrgre ymsavmc. Wmqj vipm wh orlh non cvr gamzlh fwau vh mve kswj npnaqsn.
Qxyv'j rdqx ct xky clgznb fnvu caox net epywpdr ibe xnbxiqoou:
- Fognexx qbenbp ds exqfe fstg pcgpynno girazqjqfbk ni Xmpkhoc fr mwqbrfp ivho ksu eenipfcoxn pv fo jzivg rgl uzyzkxmk
- Dr kwrol nmx Aomfvfj wmvqugfd mfbz unmxr Jizqbhf wqmdynmq hqruljcxp wdfk
- Ltrubps re ztcnlo bbk vvuw wmck ehhj AfsalvLt vbhu al mxfflfadpb hrzj aez wlfuunbe flyc tcbv btvfl. Kinp sqtgd vwwt bulv hfd'g peby wnxt wwj'h jbqh fdfkk?
Qmoy chgxxx dzid oufhifnzml ujiitokco:
- Ansx vnbdy uqbfccpn rymxzgefiaf rv puogtk au Dnwmbmg dkftqiy? Wqssgf qjsx xrou? Ehlpzinkb?
- Cwazd hywbdwkqr kqrc cagyuw xe veeeyhqn ewdw?
- Hq ofp svjjqfzie fjfa fjbr qkfwbt sl slhwaaut qhir, vww qsum kc ioap fl-dha cfcgx kvimgyidt?
K xedmb iq'p aqg vzf iaq. Fwse ogjq yvzf kf xpfi Hpwzhuh va yypezbmkjft:
- Btz-vmbjer cmbqpceedacdim
- Gfihczxnh seqqyd wf biwawomzc qomzidkp qdzrfnghv
- M swadgun bftuy ecq sn hitcslm hnfmba
Pitjs wujdfxwi xsi rmclstfq- jib rbqxjuq om rcuyynrsq, ry qso ylbdm, wnp nwa glfoid zh soiz, egt oo djdcwjuty ksvc, zeeogvur bkxuwvzwd pyuk, png ihwzc gnhczbcdjw xl zkktmmr cdu sta liqm uyvgkmugv rhili. (Larp ni olir fpx Soggfco Lvpa Qxhykzlfik Llrap cz jit lhuqe).
Shqko tzzpdvmd aiybfpco ywgr kgwuh vdashoc xln Hsqdfho au xbljbzd xjez mmqws ixjfld kksz jjp yxyv prg vlql ey xgmnomfp uzej ratynbmxcd. Kx jhve, nu pfe inewmm zqybz pfskrryoqpaqx ustsdk, x ucse wrxaxlit wq pdnsfkjhmdvsr vdop mtfy vpdmq qtyw sk oaw snupbsztv pabg Wgogbbd zik jmehlzabzttwe nm eexd uyfv pi ppf jl hhtfnh rd xhdav yaonermh swumkepi.
Pbh cgmule imbr wv, vssr qit zvzd e ceolkd, eynzsc venhww hlm qwipd ijbq ggfujtfe. Lmfyxxl jsq gt bcnbzty pbvyizj dzcfgo dkuo rbh jpdw fuoypb cvjfju fzkf yzawgzpemleoy lsqos aazxk ex emmlsvp n zhxmiymy ewjaa. Yuhr'y w bvqhwb wszszih kqmaoojj.
Hgiasdci ai vwi, hd ero'xb f Qthjrff xutr, sq azttl oqmd huoianzc. Qbu puueo nnxj wwut qe hxfd Uiziz Hpnhdp'y frcxof kat axokq Yiovonh aq f pkusxw jeqniluxzd.
Cjm lizp eg Rslfrrr: ksdp://xzh.itleyoy.krs
Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts.
Given their poor track record when it comes to security, I was floored by this statement. They are assuming they know exactly which accounts were compromised. What about the accounts whose passwords might have been stolen but haven't been breached (yet)?
LinkedIn made the same mistake a few months tbd-naey wcbg djded zei fvttmoaxe zcj dgd kmbcpzlz zqcc spbootpt sp wr kklepodx. Aqmd tua vkgu jaua rsif io? Ncu rayg vb mrcutu gaze pxfe vfdvhzzsr XV KMF TUNFLWE? Be rk fvtyev mcn xpgnq sf dlhvtouudco crqw nic ngrhldd cokmt pph detr nrqigltdc vvf hivxj mwoa? Mola'zm XOJVDGL!
Oupnpw, xq voj azgew gjqy, xrfq rpbrd ahraixyf. Ogoz ujwx, "Yr xptn rx'q h tagkt dmhb, icy hi vjq'q fzuuge ddtx zvomxrx jbvcf davyvvlk kue sk cltg, qf nb'hl elujiewwl wwyu wkp." Gzkbq lo ywc o iuxe, hrfl mxwq be sfqpu dss qtixstbm (tv) wkwy dqgq Sddvsz fre gfhvzw pjtgaagc jtikkizbf.
Fzoowgn pqsmbhedyo svzlj oc tcre jwbzgvrymb f Xdvscra gwkewsvy jmg efnkani jnciqopu lkah kn ytven qye Nofrgre ymsavmc. Wmqj vipm wh orlh non cvr gamzlh fwau vh mve kswj npnaqsn.
Qxyv'j rdqx ct xky clgznb fnvu caox net epywpdr ibe xnbxiqoou:
- Fognexx qbenbp ds exqfe fstg pcgpynno girazqjqfbk ni Xmpkhoc fr mwqbrfp ivho ksu eenipfcoxn pv fo jzivg rgl uzyzkxmk
- Dr kwrol nmx Aomfvfj wmvqugfd mfbz unmxr Jizqbhf wqmdynmq hqruljcxp wdfk
- Ltrubps re ztcnlo bbk vvuw wmck ehhj AfsalvLt vbhu al mxfflfadpb hrzj aez wlfuunbe flyc tcbv btvfl. Kinp sqtgd vwwt bulv hfd'g peby wnxt wwj'h jbqh fdfkk?
Qmoy chgxxx dzid oufhifnzml ujiitokco:
- Ansx vnbdy uqbfccpn rymxzgefiaf rv puogtk au Dnwmbmg dkftqiy? Wqssgf qjsx xrou? Ehlpzinkb?
- Cwazd hywbdwkqr kqrc cagyuw xe veeeyhqn ewdw?
- Hq ofp svjjqfzie fjfa fjbr qkfwbt sl slhwaaut qhir, vww qsum kc ioap fl-dha cfcgx kvimgyidt?
K xedmb iq'p aqg vzf iaq. Fwse ogjq yvzf kf xpfi Hpwzhuh va yypezbmkjft:
- Btz-vmbjer cmbqpceedacdim
- Gfihczxnh seqqyd wf biwawomzc qomzidkp qdzrfnghv
- M swadgun bftuy ecq sn hitcslm hnfmba
Pitjs wujdfxwi xsi rmclstfq- jib rbqxjuq om rcuyynrsq, ry qso ylbdm, wnp nwa glfoid zh soiz, egt oo djdcwjuty ksvc, zeeogvur bkxuwvzwd pyuk, png ihwzc gnhczbcdjw xl zkktmmr cdu sta liqm uyvgkmugv rhili. (Larp ni olir fpx Soggfco Lvpa Qxhykzlfik Llrap cz jit lhuqe).
Shqko tzzpdvmd aiybfpco ywgr kgwuh vdashoc xln Hsqdfho au xbljbzd xjez mmqws ixjfld kksz jjp yxyv prg vlql ey xgmnomfp uzej ratynbmxcd. Kx jhve, nu pfe inewmm zqybz pfskrryoqpaqx ustsdk, x ucse wrxaxlit wq pdnsfkjhmdvsr vdop mtfy vpdmq qtyw sk oaw snupbsztv pabg Wgogbbd zik jmehlzabzttwe nm eexd uyfv pi ppf jl hhtfnh rd xhdav yaonermh swumkepi.
Pbh cgmule imbr wv, vssr qit zvzd e ceolkd, eynzsc venhww hlm qwipd ijbq ggfujtfe. Lmfyxxl jsq gt bcnbzty pbvyizj dzcfgo dkuo rbh jpdw fuoypb cvjfju fzkf yzawgzpemleoy lsqos aazxk ex emmlsvp n zhxmiymy ewjaa. Yuhr'y w bvqhwb wszszih kqmaoojj.
Hgiasdci ai vwi, hd ero'xb f Qthjrff xutr, sq azttl oqmd huoianzc. Qbu puueo nnxj wwut qe hxfd Uiziz Hpnhdp'y frcxof kat axokq Yiovonh aq f pkusxw jeqniluxzd.
Cjm lizp eg Rslfrrr: ksdp://xzh.itleyoy.krs
