Internet users have faced a number of major privacy breaches in the last two months. Chief among them are The Fappening and The Snappening, and now the latest, a reported breach of Dropbox accounts, has gained attention across the world. Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, whether they are actually legitimate. However, the group claims to have accessed details from nearly 7 million individual accounts and is threatening to release users’ photos, videos and other files.
HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA
A thread surfaced on Reddit today that includes links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. A series of posts with hundreds of alleged usernames and passwords for Dropbox accounts has also been made to Pastebin, an anonymous information-sharing site. The hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it a “first teaser…just to get things going”. The perpetrators are also promising to release more password details if they are paid a Bitcoin ransom: “More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear.” The breach would be troubling for Dropbox’s millions of users in any case, and because passwords are involved the consequences are more serious still. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.
DROPBOX DENIED THE HACK – THIRD PARTY IS RESPONSIBLE
However, Dropbox has denied that it has been hacked, saying the passwords were apparently stolen from third-party services that users had allowed to access their accounts. In a statement to The Next Web, Dropbox said: “Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well.”
The incident came just a few days after the Snappening, in which the personal images of as many as 100,000 Snapchat users were leaked online as the result of a security breach in a third-party app.
Snapchat has denied that its service or servers were ever compromised; instead, the servers of a third-party app designed to save Snapchat photos became the target through which hackers obtained the personal photographs.
DROPBOX – “HOSTILE TO PRIVACY” SAYS SNOWDEN
Dropbox was in the news earlier this week when, in a recent interview with The Guardian, NSA whistleblower Edward Snowden called Dropbox a “targeted, wannabe PRISM partner” that is “very hostile to privacy”, referring to the company’s ability to access users’ data itself, which is yet another security consideration when it comes to web services.
Snowden suggested that web users stop using Dropbox and warned that the cloud storage service does not safeguard users’ privacy because it holds the encryption keys and can therefore be forced by governments to hand over the personal data stored on its servers. He suggested that people use an alternative cloud storage provider that does not store any encryption keys, so that users’ data cannot be read by anyone other than the user.
USERS ARE ADVISED TO CHANGE PASSWORDS
Until the full scope of the problem is known, it is probably worthwhile changing your password. Whether or not the attack is confirmed, changing your password is a good idea just to be on the safe side, especially for users who use the same password for multiple services. Users are also recommended to turn on two-factor authentication, which Dropbox now supports, and to install a time-based one-time password app on a mobile device.
Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from “unrelated services.” “The usernames and passwords…were stolen from unrelated services, not Dropbox,” the company said in a blog post. “Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.” “Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”
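Dropbox's statement above describes detecting suspicious login activity and resetting passwords automatically. The following added example (not Dropbox's code, and not from the article) shows the shape of such a detector for credential stuffing: one source address cycling through many different accounts with a high failure rate, as opposed to a single user mistyping their own password. The log format, thresholds and sample lines are all constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real Dropbox data). 203.0.113.7 tries
# eight different accounts in eight seconds and gets into two of them (reused
# passwords); 198.51.100.4 is one user mistyping their own password; the last line
# is deliberately malformed to show the parser skipping it.
SAMPLE_LOG = """\
2014-10-13T10:00:01Z login user=alice@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:00:02Z login user=bob@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:00:03Z login user=carol@example.com ip=203.0.113.7 result=OK
2014-10-13T10:00:04Z login user=dave@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:00:05Z login user=erin@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:00:06Z login user=frank@example.com ip=203.0.113.7 result=OK
2014-10-13T10:00:07Z login user=grace@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:00:08Z login user=heidi@example.com ip=203.0.113.7 result=FAIL
2014-10-13T10:05:00Z login user=alice@example.com ip=198.51.100.4 result=FAIL
2014-10-13T10:05:10Z login user=alice@example.com ip=198.51.100.4 result=FAIL
2014-10-13T10:05:25Z login user=alice@example.com ip=198.51.100.4 result=OK
2014-10-13T10:06:00Z login user=carol@example.com ip=192.0.2.9 result=OK
this line is not a login record and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text):
    """Return (timestamp, user, ip, success) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["ip"], m["result"] == "OK"))
    return events


def any_window_qualifies(evs, window, min_users, min_fail_ratio):
    """Sliding window over one IP's time-sorted events: true if some span no longer
    than `window` touches >= min_users distinct accounts with failure ratio >= min_fail_ratio."""
    start = 0
    for end in range(len(evs)):
        while evs[end][0] - evs[start][0] > window:
            start += 1
        span = evs[start:end + 1]
        users = {e[1] for e in span}
        fail_ratio = sum(1 for e in span if not e[3]) / len(span)
        if len(users) >= min_users and fail_ratio >= min_fail_ratio:
            return True
    return False


def detect_stuffing(events, window=timedelta(seconds=60), min_users=5, min_fail_ratio=0.5):
    """Flag source IPs showing the stuffing pattern. For each flagged IP, report how many
    accounts it touched, its overall failure ratio, and the accounts it logged into
    successfully: those are the ones a service would force-reset."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[2]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        if not any_window_qualifies(evs, window, min_users, min_fail_ratio):
            continue
        fails = sum(1 for e in evs if not e[3])
        flagged[ip] = {
            "users": len({e[1] for e in evs}),
            "fail_ratio": round(fails / len(evs), 2),
            "compromised": sorted({e[1] for e in evs if e[3]}),
        }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Keying on the source address is the simplest version; real campaigns spread attempts across many addresses, so production detectors also look at the global rate of failures for never-before-seen username/password pairs and at the proportion of accounts that see their first login from a new device.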
Tor has been targeted once again, but this time on a much larger scale. A new attack on the Tor network could reportedly either shut it down worldwide or turn it into an evil network.
This time Tor – an internet browser which allows people to maintain their anonymity online by protecting their location – is warning its users of a cyber attack that may quietly seize some of the network’s specialized servers, the Directory Authorities (DAs), which help Tor clients find Tor relays in the anonymity network.
The Tor network architecture relies on ten Directory Authorities whose details are hardcoded into Tor clients. These directory authorities are located in Europe and the United States and maintain the signed list of all the verified exit relays of the Tor network; according to experts, an attack on these backbone servers could “incapacitate” the overall architecture of Tor.
“The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities,” Tor officials wrote on the project’s blog on Friday. “We are taking steps now to ensure the safety of our users, and our system is already built to be redundant so that users maintain anonymity even if the network is attacked.”
To keep the network updated and stable, at least 5-6 Directory Authorities (DAs) must be operational; if seizure attempts take down 5 or more Directory Authority servers, the Tor network will become unstable and the integrity of any updates to the consensus cannot be guaranteed.
Thomas White (@CthulhuSec), who operates a large cluster of servers providing an exit point for Tor traffic in the Netherlands, warned of suspicious activity on the servers overnight. The targeted servers, according to DNS data, were hosted in a data center in Rotterdam.
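The paragraph above explains why seizing 5 or more of the 10 Directory Authorities matters: clients only trust a consensus signed by enough of the authorities hardcoded into them. The following added simulation (not Tor Project code) makes that threshold concrete. It assumes the rule that a client accepts a consensus only if more than half of the authorities it knows have validly signed that exact document, and it uses HMAC with a per-authority secret as a stand-in for the public-key signatures real authorities produce, purely so it runs on the standard library; the authority names and keys are constructed.

```python
import hashlib
import hmac
import secrets

# Ten authority identities, mirroring the ten Directory Authorities hardcoded into
# clients. Names and keys are constructed for this example.
AUTHORITY_KEYS = {f"authority-{i:02d}": secrets.token_bytes(32) for i in range(10)}


def sign(name, consensus, keys=AUTHORITY_KEYS):
    """Stand-in for an authority's signature over the consensus bytes (HMAC, not RSA)."""
    return name, hmac.new(keys[name], consensus, hashlib.sha256).hexdigest()


def count_valid_signatures(consensus, signatures, known_keys):
    """Number of distinct known authorities whose signature verifies over this document.
    Unknown signers are ignored and repeated signatures from one authority count once."""
    valid = set()
    for name, sig in signatures:
        key = known_keys.get(name)
        if key is None:
            continue
        expected = hmac.new(key, consensus, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            valid.add(name)
    return len(valid)


def accept_consensus(consensus, signatures, known_keys):
    """Assumed client rule: accept only with signatures from more than half of the
    authorities the client knows, i.e. at least 6 of 10."""
    return count_valid_signatures(consensus, signatures, known_keys) * 2 > len(known_keys)


def simulate_seizure(seized_count, known_keys=AUTHORITY_KEYS):
    """Can clients still obtain a valid consensus when `seized_count` authorities are
    offline, or in hostile hands and therefore not signing the honest document?"""
    consensus = b"network-status-consensus: relay list (constructed)"
    online = list(known_keys)[seized_count:]
    signatures = [sign(name, consensus, known_keys) for name in online]
    return accept_consensus(consensus, signatures, known_keys)


if __name__ == "__main__":
    for seized in range(0, 7):
        print(f"{seized} authorities seized -> consensus accepted: {simulate_seizure(seized)}")
```

The two failure modes the article worries about both fall out of the same rule: with 5 authorities gone the honest remainder cannot reach a majority, so clients get no trusted consensus at all, and an attacker who controls seized authorities still cannot forge one, because signatures from fewer than 6 known keys are rejected and signatures over a tampered document do not verify.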
“I have now lost control of all servers under the ISP and my account has been suspended,” White wrote on Sunday in an update on the Tor mailing list. “Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken. From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers.” White strongly recommended that users treat the servers as hostile until control was regained, which he would signal with a PGP-signed message from himself, and that his mirrors not be used under any circumstances.
“If they come back online without a PGP signed message from myself to further explain the situation, exercise extreme caution and treat even any items delivered over TLS to be potentially hostile,” White wrote. “If any of the mirrors or IPs do come back online, I would welcome anyone who is capable of doing so checking for any malicious code to ensure they are not used to deploy any kind of state malware or attacks against users should my theory prove to be the case.” Tor users should note and temporarily avoid the affected mirrors below:
Tor has gained notoriety for its association with drug mafias and hackers, and law enforcement, especially the FBI, has always shown great interest in the Tor network. Last month the FBI conducted an operation to take down the Silk Road 2.0 server on the network, while law enforcement officials in Europe seized hundreds of sites operating on Tor. However, so far it is not clear who took the servers down or whether law enforcement was involved. In June this year it was revealed from Snowden’s secret documents that the NSA’s top-secret X-Keyscore surveillance program targeted at least two German Tor Directory Authority servers, one based in Berlin and the other in Nuremberg. In an updated report, we were informed that the seized servers have been brought back online, but it is still unclear whether a law enforcement agency was involved in the attack or whether any warrants were served as part of the takedown. Tor itself is not compromised, but such possible and quite successful attempts to take down or hijack the Tor network are a matter of concern.