This article is about the release of account info for about 68 million Dropbox users. The breach occurred in 2012 but now, 4 years later, the raw passwords are being released on the web. There are a few things I find interesting about the article. First, it mentions that what allowed the breach to take place back in 2012 was that one of its employees' passwords was obtained by hackers. It is safe to assume that the hackers used a form of social engineering to obtain this password. What I also found interesting were the encryption methods used to encrypt the actual passwords - the SHA-1 algorithm and the Bcrypt hashing function. The SHA-1 hashing algorithm, it appears, is all but extinct as the time and effort it takes to break this encryption method have grown much smaller. What I think is most interesting here is that, in 2012, SHA-1 was a respectable encryption method. The use of Bcrypt enforced the hashing of the passwords but hackers were still able to spend four years breaking the encryption. It becomes very clear from this example that, once data is obtained by hackers, all bets are off. The means by which data is encrypted today is sure to become extinct in years to come. I think the biggest takeaway here is that strengthening perimeter defenses - making it extremely difficult for hackers to gain entrance to systems at all - is the most important aspect of cyber defense.
Article: http://thehackernews.com/2016/08/dropbox-data-breach.html
Ioannis S. Haviaras says
Ryan,
This is a great article. It's interesting how it takes so long to crack the encryption key and that Dropbox is releasing another statement to its users regarding the breach that was 4 years ago. After reading this I definitely went and changed my password on Dropbox. The end of the article tells us that we should use password managers. I have personally been using a password manager for years now; it's called Dashlane, and it has significantly improved my password security.
Loi Van Tran says
Thanks, Ryan, for this very interesting article. As a user of Dropbox and other cloud storage platforms, it brings us to the realization that the data and information we put on the web is never completely safe. It reminds us that we should be careful what we upload or submit on the internet, whether it’s account sign-ups or social media posts. Once information is posted online, we are no longer the sole proprietor of that information and we entrust the third parties that elicited our information to protect it. As mentioned in class, there is no way to guarantee 100% security in any information system. Systems are made by us and somebody with the right means and tools will discover the vulnerabilities to exploit.
Mengxue Ni says
This is an interesting article, Ryan. I don’t use Dropbox often but I do use Google Drive as my primary document backup. I worried about data breaches at the beginning, but it is so easy and convenient to use, so I just forgot about the risk. It is shocking that only one password can allow hackers to do this much. A firewall is not the only thing that can protect us anymore. We should look beyond the risk and take care of our data at any time since there is no perfect way to stop data breaches.
Mengqi He says
It’s an interesting article, Ryan. Even though changing passwords is one of the easiest and most effective ways to protect our information against hacking, most people would not like to change their passwords often. It is because people usually don’t have enough awareness of the vulnerability of continuing to use the same password. If no one reminds them, they won’t remember to change them by themselves. It’s even true for me. I don’t change my password often except for the TU account, since Temple reminds me to change my password every half a year. Another reason is that people cannot remember their passwords if they change them a lot, especially since we have so many accounts for different websites with different password requirements. The article suggests that we use a password manager, but another problem will arise: what if the password manager is attacked? We can see there is no 100% safe way to protect our information from hacking. Hacking is always easier than anti-hacking.
Wade Mackey says
Changing of passwords is an issue of some controversy. If you have to change regularly, people tend to come up with simpler passwords, or some kind of formula or system so they can keep track.