If you have a Dropbox account, change your password

Dropbox reported a cyber attack on 1 November 2022 which they are investigating as they cannot yet tell how the bad actor gained access. The attacker not only garnered the names and email addresses of Dropbox employees, they also managed to access source code. So far, the number of users affected has not been released, but it would be wise to change your password if you have an account.

This is very worrying for any user of Dropbox, coming as it does after the email addresses and hashed passwords of more than 68 million users were leaked in 2020.

The latest data breach happened after a phishing campaign in which the attacker claimed to be CircleCI, a known and trusted correspondent. Employees were asked to login to CircleCI and input their GitHub username, password and hardware authentication key. Unfortunately it was a fake login page. (Terranova, 2022)

This is a timely reminder that all companies are vulnerable and that there should be security measures in place. We can help set up security and monitoring for a small monthly fee, which should weed out most of these types of attack, but employees must continue to be vigilant.

How do employees know what to look out for? Training is the very best defence and this training must be updated continuously as attacks become increasingly sophisticated. We can provide this training – it can be general awareness training delivered via webinar to a group of solopreneurs or maybe an in-depth series of targetted workshops for an individual organisation. Such workshops would include simulated phishing attacks likely to be experienced by different departments or specialists within the company, the circulation of the correct contact details for suppliers and clients so that staff can be on the lookout for spoofing of domains, and the development of policies and procedures, amongst other things.

Diana Catton MBA – by line and other articles

References

Terranova. (2022). The Recent Dropbox Breach and What We Can Learn From It. Cyber Security Awareness. Retrieved November 23, 2022, from https://terranovasecurity.com/dropbox-breach/

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.