An estimated 68 million Dropbox user accounts were reportedly hacked in 2012. As a result, users who have not changed their password since 2012 are being advised to change it immediately. Although representatives of the file storage and sharing service contend it is “purely a preventative measure,” experts confirmed the hacked data included “legitimate Dropbox passwords.”
According to the company’s official website, the breach was related to a series of incidents reported four years ago.
In a July 31, 2012, statement, Dropbox announced some users had received spam “at email addresses used only for Dropbox.” The company also acknowledged “a stolen password was… used to access an employee Dropbox account containing a project document with user email addresses.” The statement suggested the two incidents were directly related.
To prevent further issues, the file sharing service urged users to change their Dropbox password and to use a unique password for each website they visit.
As an added security measure, Dropbox now offers an optional “two-factor authentication,” which requires users to provide two different forms of identity when logging in to their account. The company also added “new automated mechanisms” to its website to detect any suspicious activity.
Four years later, Dropbox is again reminding users to change their passwords — if they have not been changed since 2012. However, the new warning says there is no reason to “believe that any accounts have been improperly accessed.”
As reported by Time, the 2012 statement acknowledged some user names and email addresses were accessed by the hackers. However, Dropbox did not reveal how many users were hacked, and it did not disclose the fact that passwords were included in the breach.
To determine the extent of the breach, Motherboard sought Dropbox files from “sources in the database trading community.” After obtaining a total of four files, which contain nearly 5 GB of data, the team determined the details of 68,680,741 accounts, including the passwords, were obtained by the hackers.
According to reports, the legitimacy of the account information and passwords was confirmed by “a senior Dropbox employee.”
Although the files contained an immense amount of sensitive user information, Dropbox Head of Trust and Security Patrick Heim said the issue has been resolved.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users… We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts.”
According to the company website, Dropbox provides a platform for users to access their “files from anywhere, on any device, and share them with anyone.” In addition to providing storage, the site allows users to conveniently share documents, photographs, and videos. It also provides a platform for collaborative editing.
As stated on the official website, more than 1.2 billion files are saved to Dropbox every day.
In addition to providing an essential service, the company claims its top priority is user privacy and security. Unfortunately, an estimated 68 million Dropbox user accounts were compromised in 2012. And it appears that some of the users could still be at risk.
Despite its best efforts to thwart any future issues stemming from the breach, Dropbox is strongly urging users to change their Dropbox password and any matching passwords for other websites. It is also advising users to utilize the optional two-step verification process and to keep a close eye on their account activity.
Although they have not confirmed any serious problems related to the breach, Dropbox representatives said the suggestion is being made as a precaution.