Dropbox hacked with 68 million users at risk from an attack originating in 2012. It leaves the file hosting firm in an uncomfortable situation with some explaining to do.
The original attack happened in 2012, Dropbox reported some user emails being stolen but did not reveal anything about passwords also being stolen. Dropbox responded to the attack in 2012 by prompting users to change their passwords to prevent any breaches.
It has only become clear that passwords were also stolen when Motherboard were sent a collection of Dropbox email addresses and passwords, from breach notification service Leakbase. Four files were sent, totalling at around 5GB worth of data.
According to Motherboard 68,680,741 accounts were detailed in the massive file and has been verified as legitimate by a senior Dropbox employee.
Weirdly before the 5GB file surfaced, Dropbox announced it was forcing password resets on a number of users, after discovering a set of accounts lined up to the original 2012 hack.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
If you’re currently using Dropbox’s service, it would be worth the effort to immediately change your password.
For more news, visit What Mobile’s dedicated news page.
