Unfortunately, every few days we hear new headlines about some important web service that’s seen its privacy compromised. This weekend we got a double serving of this news with the announcement that many DropBox and Snapchat users have had their account details stolen. In both cases, though, it’s been confirmed that the services’ own servers weren’t hacked; rather, those affected had used unofficial third-party apps or used the same account details in several places.
A few days ago, an anonymous hacker claimed via Reddit that he’d obtained the credentials to seven million DropBox accounts, displaying a few hundred of them in plain-text screenshots as an “advance” and requesting payment in Bitcoins from other users to publicly share the rest. It was quickly confirmed that many of these accounts and passwords were in fact real, although the source of the leak still remains a mystery.
DropBox waited a bit before releasing an official statement clarifying that these user account names and passwords weren’t taken from its own servers, which have not suffered any attacks. They’ve confirmed that the mass theft came from the hacking of some third-party service. Given the common but terrible habit of using the same account name and password for different services, a large percentage of the entries in the hacked user database coincided with DropBox credentials.
As if that weren’t enough, a few days prior a problem was announced with some older versions of the DropBox desktop client that erased many users’ stored files after a sync error. After the company confirmed the problem, those versions of the client were blocked, those affected were given a free year of DropBox Pro, and part of their deleted content was recovered.
Snapchat and its Facebook app
Snapchat is a well-known service for sending and receiving photos that you can set to be deleted immediately after they’re viewed. In this case, it’s been confirmed that 500MB of photos have been stolen from many users, although again, this security breach did not come from Snapchat itself but rather from an external tool called Snapsave, which makes backup copies of the images you receive. It appears Snapsave kept those backup copies even after the user had deleted them, and the hacking of its database is what caused the current situation.
Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our ToU.
— Snapchat (@Snapchat) October 10, 2014
Moral of the story
No app is 100% safe (and nobody knows that better than Snapchat itself after the incident where thousands of phone numbers were revealed in January of this year), so you can’t be too careful. Besides the obvious recommendation of using different passwords for each site you register on, it’s also increasingly common to set up two-step confirmations to safeguard your accounts, as suggested by DropBox itself. And if not, there’s always your external hard drive that you can hide under your mattress.