Dropbox outlined that how customer accounts were hijacked resulting in a barrage of spam in some cases. The cloud storage provider added new security features, but it's unclear whether businesses will pause their Dropbox usage.
Although Dropbox isn't as enterprise focused as Box, courting businesses and teams within corporations are a big part of the company's growth strategy.
In many cases, security is a bit of a red herring in cloud services, but if incidents pile up there are serious perception issues.
According to a blog post, Dropbox noted that it recently found that usernames and passwords stolen from other Web sites were used to log into select accounts. A stolen password was used to access an employee Dropbox account. That account had a document with user email addresses, which proved to be a treasure trove for hijackers.
Dropbox noted that it was "sorry about this" and put in controls to prevent something similar from happening. Dropbox said it will add two-factor authentication as well as automated features to find suspicious activity.
Passwords continue to be the weak link, but the leakage of user accounts via an employee password is a black eye for Dropbox.
Dropbox's primary vehicle for corporations is Dropbox for Teams. The service features encryption, availability and user management among other items. However, the headlines generated by Dropbox's password issue are likely to be remembered. At the least, businesses will put Dropbox through a few security paces.