
An employee account was compromised and privileged information (in this case user email addresses) was accessed. The attacker exploited a flaw in Dropbox's password policy / authentication system to access the information. Dropbox is modifying their systems and policies to prevent this sort of attack in the future.

All that together certainly adds up to an intrusion and is well within the definition of a "hack".



"a flaw in Dropbox's password policy / authentication system to access the information"

What flaw? It sounds like a Dropbox employee was simply reusing a password stolen on another site.


How is that not a flaw in the authentication system?


Using a key to open a door that was designed to be opened with that key is not a flaw in the lock mechanism. The fact that the user set that key to also open something else is not the fault of the former lock.


This is not at all how security researchers think of it. Security vulnerabilities are very broad; they can be exploited through social engineering, through incompetent employees who do not have rigorous password standards, etc. If you narrow security vulnerabilities to coding mistakes, you're neglecting your customers.


No, a hack means that any malicious attacker (you, me, your mom, etc.) could exploit ("hack") a flaw in their system security in order to gain access. This is not the case here.


Yeah, this wasn't a "hack". No more than using an authentic ATM bank card with a valid PIN number is a "bank robbery".

Sounds like employee error - using the same password for their Dropbox account as on their LinkedIn account.



