Dropbox confirmed Tuesday that a stolen employee password led to the theft last month of a "project document" that contained user e-mail addresses. With addresses in hand, the hacker then proceeded to spam European users of the cloud-storage service with ads for gambling Web sites.
In investigating the theft, the company found that usernames and passwords stolen from other Web sites were used to access "a small number" of Dropbox accounts, an indication that account holders were using their credentials on multiple sites. Experts consider that practice a serious security risk, because hackers often use stolen credentials to enter other services.
News 9 months ago