Dropbox the online cloud storage platform has confirmed that user IDs and passwords of 68 million users were stolen four years ago and recently leaked online.
Dropbox hacked — 68 Million Account Details Leaked Online
Dropbox is a file hosting service operated by American company Dropbox, Inc. Dropbox allows users to create a special folder on their computers, which Dropbox then synchronizes so that it appears to be the same folder (with the same contents) regardless of which device is used to view it.
Hackers have obtained login credentials of more than 68 million Dropbox accounts from a known 2012 data breach where hackers accessed Dropbox’s internal systems and accessed a list of user email accounts and now those 68 million login credentials are leaked on the internet.
Motherboard, security expert Troy Hunt and Leaked source have studied the list of Dropbox accounts and have validated that account information includes emails as well as passwords. However, they are encrypted.
Dropbox said it had no indication that any of its user accounts were improperly entered, and that it had notified its users and made them reset their passwords on the accounts.
Dropbox on its blog claims “We first heard rumors about this list two weeks ago and immediately began our investigation. We then emailed all users we believed were affected and completed a password reset for anyone who hadn’t updated their password since mid-2012.”
“This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts.”
One Security practices dropbox claimed “We’ve implemented a broad set of controls including independent security audits and certifications, threat intelligence, and bug bounties for ethical hackers. In addition, we build open source tools such as zxcvbn, use bcrypt password hashing, and offer Universal 2nd Factor authentication to all users.”
Dropbox also recommends its users to create a strong, unique passwords and enable two-step verification. They also alerted its users from spam or phishing because email addresses were also included in the list that is leaked online.