Originally posted on VentureBeat:
Dropbox, the fast-growing private company that lets you share documents easily online, continues to experience significant security breaches in its service, announcing this time that some user usernames and passwords were stolen “from other websites,” and their accounts accessed.
It also said that an account of one of its employees was broken into, and that it believes user email addresses were stolen from a document accessed from that account.
The news follows two other high-profile instances of security problems at the company. A year ago, Dropbox disclosed that all of its users’ files were publicly accessible for nearly four hours due to a bug in the company’s authentication mechanism. During that time, anyone could access a Dropbox account without using the correct password. And in April, a security hole was discovered in Dropbox’s iOS app, which allowed anyone with physical access to your phone to copy your login credentials — because it stored user login information in unencrypted text files.