Someone just opened a Pandora’s box of emails, and it will unleash a spam storm that is most likely coming your way. The Dropbox hack released a large number of active email addresses, which will certainly be used for phishing and spam campaigns.
It appears that the popular cloud storage service, Dropbox, was hacked at some point in 2012. The hack was made public in late August, 2016. Account details of over 60 million users have been leaked, including email addresses and hashed (encrypted) passwords.
Dropbox has already called on its users to reset all passwords dating back to 2012. Given that the company will actually force people to change their passwords, not much harm will be done to the information residing in this cloud storage.
As for the risk of these passwords being exploited elsewhere (given that over 50% of people re-use passwords across many sites and platforms), it seems that most of the users’ passwords were protected by decent encryption, so they are not very likely to be abused (which also means that the information stored inside Dropbox is safe).
But in the eyes of corporations everywhere, this should not be the major concern. No, the major concern is the fact that countless legitimate, active email addresses are now in the open.
This hack is different from most large-scale hacks that have been made public in the last couple of years. Those data breaches involved either the users’ credit card numbers or email addresses that were not the users’ primary ones (I think very few people registered on the Ashley Madison site using their corporate email address).
But Dropbox is a mainstream service, used by millions of ordinary people, thousands of SMBs and even corporations, meaning that the leaked email addresses are real, legitimate and used quite often.
So now fraudsters, cyber criminals and nation-state hackers have access to millions of potential victims to whom they can send phishing, ransomware and spear-phishing emails.
Since the hack has already made the headlines, cybercriminals know they have a limited window in which to capitalize on this unique opportunity. Given that Dropbox users were a target of phishing attempts even before this hack, we can only expect a massive campaign of malware-laden emails to hit Dropbox users very soon. We advise everyone to brief their employees about this impending threat and deploy the appropriate email security mechanisms to mitigate it.