# Dropbox passwords were leaked from third-party sites



## TechSocial (Dec 20, 2011)

Dropbox has finally offered an official statement about the odd spam some of its users started receiving last week. Usernames and passwords were indeed pilfered by hackers, but not from Dropbox itself. According to the company, the credentials were stolen from a handful of other websites, and many of the affected accounts were ultimately compromised because users failed to select a unique password for their Dropbox accounts.



----------



## BLucy (Jul 2, 2012)

I'm glad I'm not using Dropbox yet... a friend sent me the sign-in application but I didn't have time yet.
Are they taking any measures to make it safer?


----------



## loserOlimbs (Jun 19, 2004)

BLucy said:


> I'm glad I'm not using Dropbox yet... a friend sent me the sign-in application but I didn't have time yet.
> Are they taking any measures to make it safer?


This is not a Dropbox issue, if what DB is saying is true. It's a user education / bad practices issue.

If you have the same password, especially a weak password, then you can expect to eventually be hacked.

The best practice is to make strong, 10+ character passwords with capital, lower case letters as well as numbers and special characters. So m4Pa$$w0rd <-- good format! Of course better yet, don't use words in a dictionary. 
Then, make sure to use more than one password on your different sites. The best compromise between security and usability I saw was to have tiers of passwords.

Forum password: Use this password on sites like TSG, Google Groups etc.
Email Password: Use this for email accounts
Bank Sites: Use this for your financial information.

This way, you can have a handful of very secure passwords that, if hacked, cannot be used to get into everything you have ever touched (i.e., your forum password won't also grant access to Dropbox and your bank.)


----------

