"no evidence that the attacker accessed the contents of users' accounts"
Well, if the attackers got hold of the OAuth tokens and MFA passwords, how would you know?
Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities. The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless …
Dropbox (and other fileshare services) have long been known to hold malicious code.
They should be avoided but unfortunately much like shitty messenger apps their widespread use means many organisations need to allow some access.
The mistake is allowing that access to be widespread to keep some managers happy or to let the CEO share his holiday snaps easily.
They bought this business in 2019, so they've had five years to get the security right.
And they *still* fucked it up.
Makes me really glad I always said I'd never touch it, even with a ten metre pole.
It beats me why anybody bothers with any of this crap. You might just as well buy yourself a barrel and bend over it.
Indeed. I stopped using it for actual file sync some years ago, when first the Android app wouldn't run any more on my (old, but better at making phone calls than my newer) phone.
I still used the shared folders facility from time to time, because they worked just the way I wanted them to and were relatively friction free for the end-user too. I could upload a bunch of photos into a shared folder, send a link to the recipient and they could painlessly browse them, view them and download any they wanted to keep - either finely-grained or en masse. That was incredibly valuable since the recipient didn't need to be a collaborator (and thus have the storage deducted from their own quota) - or even logged in.
They've recently employed every dark pattern in the book to make it next-to-impossible to use that way, without technically withdrawing the facility - so I won't be using it any more.
Anyone know of a non-shitty alternative, or am I going back to WeTransferring .zip files?
As these services become more popular, combined with both reduced personnel, lack of skill of existing personnel either due to attrition, or otherwise, it's fast reaching a tipping point (or you could reasonably argue that we have gone over the end...)
Heck, based on some comments I see (not just here - on various other social media cesspools), I worry about the future with the available quality of employees and their motivations.
It seems the heady days of Postel et al. are long gone.
The only good news take away I have is hope - that hasn't been replaced by complete despair, yet...