Dropbox hacked, 68 million passwords circulating on the internet
It turns out that back in 2012, Dropbox did report the hack, stating that a number of email addresses had been stolen.
Tech site Motherboard reported, citing “sources in the database trading community”, that it had obtained four files, totalling 5GB in size, which apparently contained e-mail addresses and hashed passwords for 68,680,741 Dropbox users.
Motherboard said that both Dropbox and independent researcher Troy Hunt confirmed the legitimacy of the data. An unnamed “senior Dropbox employee” verified the authenticity of the data.
Last week, longtime users of the cloud storage service Dropbox received a curt email explaining that the company was resetting their passwords.
Heim also reminded users that they should think about whether they reused their Dropbox passwords in other accounts.
While that breach was previously disclosed, it was recently discovered just how many accounts were affected.
Dropbox said it doesn’t believe any of the accounts in question have actually been accessed by an outsider, based on its threat monitoring processes and the strong security measures applied to the passwords.
Last week, Dropbox notified its customers, encouraging those who haven’t changed their passwords since 2012 to do so and to enable the company’s two-step verification. That password may have been obtained when LinkedIn itself was breached in 2012.
A majority of these recovered user credentials belonged to legitimate users who had registered at Dropbox during 2012 and earlier, Leakbase, a web leak-tracker service, told Motherboard. However, a password reset will be coming to an undisclosed number of Dropbox accounts.
While the password reset should leave users protected on Dropbox, the company warned people who may have used the same credentials on other sites to change their passwords.
This week's news comes after Dropbox initiated a forced password reset for a selection of users it believed to have been caught in the dragnet years ago.
“Also, please be alert to spam or phishing because email addresses were included in the list”, it said.