Business Insider and many others are reporting that hackers have acquired nearly 7 million account usernames and passwords. News coverage of the recent breach of Dropbox account security reveals that hackers have provided a “teaser” of 400 accounts and associated passwords on pastebin.com, which as of this writing shows that there have been more than 171,976 views.

Dropbox has explained that its services are fully encrypted, and denies responsibility for the leak of emails and passwords, pointing to third-party services that exposed the credentials. Dropbox also claims that all of the passwords that were hacked are expired. Dropbox, for its part, encourages users to enable two-step verification, which should harden account security.  In fact, the nice folks at Business Insider prepared a slideshow to assist in how to implement two-step verification security here.

Professionals who use cloud servers to provide medical, legal and financial services should understand that doing so may be at their own risk, as a cloud server provider or host may not provide indemnification or other recourse in the event of privacy and data breaches. Be sure to carefully read server or cloud provider contracts to assess the scope of any limitation of liability (typically a monetary limit and consequential damages disclaimer) that may be inadequate for a customer’s potential losses in the wake of a breach or other unauthorized disclosure of information.  As with all gathering, storage and use of personal and confidential information, there must be safeguards and risk assessment at each level to avoid being hit with the full liability of a data breach.