Re: dropbox security situation

To: Brian <ad44@cityscape.co.uk>, debian-user@lists.debian.org
Subject: Re: dropbox security situation
From: Jude DaShiell <jdashiel@panix.com>
Date: Sat, 7 Dec 2019 16:45:34 -0500
Message-id: <[🔎] alpine.NEB.2.21.1912071643220.12775@panix1.panix.com>
In-reply-to: <[🔎] 07122019203529.4a2ba73a3549@desktop.copernicus.org.uk>
References: <[🔎] alpine.NEB.2.21.1912071158190.26808@panix1.panix.com> <[🔎] 07122019203529.4a2ba73a3549@desktop.copernicus.org.uk>

One first-hand experience on google account hacking and contacting
others who were not surprised when I described my situation in earlier
email.
Two, no change password dropbox will not allow login, so not possible to
ignore.
On Sat, 7 Dec 2019, Brian wrote:

> Date: Sat, 7 Dec 2019 15:56:28
> From: Brian <ad44@cityscape.co.uk>
> To: debian-user@lists.debian.org
> Subject: Re: dropbox security situation
> Resent-Date: Sat,  7 Dec 2019 20:56:43 +0000 (UTC)
> Resent-From: debian-user@lists.debian.org
>
> On Sat 07 Dec 2019 at 12:06:37 -0500, Jude DaShiell wrote:
>
> > Recently I created a dropbox account with my gmail account.  Very shortly
> > after creation I was refused access since dropbox claimed someone tried
> > to change the password on my account and they weren't sure it was me so
> > got prompted to change my password.
>
> Many services do indeed warn a user when someone tries *unsuccessfully*
> to change a password. Actually, it might be the user themselves, and she
> has forgotten the original password. The unsuccessful attempt triggers a
> warning email.
>
> You were (we assume) only prompted (not forced) to change the password.
> That's normal. You have no need to change because you already have a
> twenty character, high entropy password for gmail, so you haven't any
> reason to be worried. Ignore what you got from dropbox if it is possible.
>
> > What I don't know is if high probability exists this happened or if
> > dropbox does this with everyone that first creates an account using google
> > credentials to get new passwords on those accounts.  It would be good to
> > know one way or the other since the former scenario is more serious than
> > the latter.  I deleted dropbox and anything linked to it from all of my
> > devices and am thinking to use a different email address with a strong
> > password for a future dropbox account and expect will be changing my
> > google password shortly as well.  The password on google I used was strong
> > but google accounts whether two-step or not are routinely hacked.
>
> Google accounts are routinely hacked? Routinely? I do not know where you
> picked that up from. It's nonsense.
>
>

--

Reply to:

Follow-Ups:
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>

References:
- dropbox security situation
  - From: Jude DaShiell <jdashiel@panix.com>
- Re: dropbox security situation
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: dropbox security situation
Next by Date: Re: dropbox security situation
Previous by thread: Re: dropbox security situation
Next by thread: Re: dropbox security situation
Index(es):
- Date
- Thread