Dropbox has notified all users who signed up for its service prior to 2012 that they need to change their password if they haven't done so in the last four years. The company concluded its internal investigation and confirmed that there was indeed a Dropbox hack that endangered over 68 million accounts.
According to Motherboard, there is evidence that a 2012 Dropbox hack exposed details of 68,680,741 accounts, including users' email addresses and their salted and hashed passwords. The company responded yesterday by stating:
“The list of email addresses with hashed and salted passwords is real, however, we have no indication that Dropbox user accounts have been improperly accessed. We’re very sorry this happened and would like to clear up what’s going on.”
Approximately two weeks ago, the cloud storage company came across rumors that a comprehensive list of user credentials was available to the public. An investigation was started, and Dropbox concluded that the login details were obtained during a security breach that took place in 2012.
In order to make sure that the leaked information would not be used, the company decided to implement a forced reset of all passwords belonging to accounts older than 2012.
Many people use the same password for all of their accounts. If the login information of such an individual leaks, then all of that person's accounts could be compromised.
Motherboard reported that about 32 million of the passwords are secured with the bcrypt hashing function. The others are protected by salted SHA-1 hashes. These protection measures are not top notch, but they are fairly difficult to crack.
The email that the cloud storage service sent to its users said:
“We’re reaching out to let you know that if you haven’t updated your Dropbox password since mid-2012, you’ll be prompted to update it the next time you sign in. This is purely a preventative measure, and we’re sorry for the inconvenience.”
What do you think about the Dropbox hacking incident? Do you find it concerning that they only learned about the leak four years after the incident took place? Do you still feel that your data is safe with Dropbox?