Dropbox has admitted that a security glitch compromised its service after several users complained of receiving spam in their accounts.
The cloud-based storage provider is still on the heels in its investigation, but immediately pinpointed the problem.
“Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts,” the company said in a blog post.
Alas, one of Dropbox’s own employees was found to have used similar passwords on his work account and a separate hacked provider, which the company now claims to have resulted to spam.
“A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again,” it added.
“Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen.”
Dropbox urges its users to create unique passwords on each account they create on the internet.
Image: Ian Lamont via Flickr (CC)