Hackers Stole Account Information of Over 68 Million Dropbox Users

If you’re a long-time Dropbox user, you’ll have noticed that recently the company distributed an email to a large number of its users recently, urging (and in some cases forcing) them to change their passwords. Now the reason for this has come to light: Back in 2012, the cloud storage firm fell victim to a data breach which led to over 68 million users of the service having their account information, including email addresses and hashed passwords, being stolen by hackers.

Dropbox had admitted previously that they had suffered a hacking attack, but at the time did not disclose just how much data had been taken in the incident. The leaked data was first confirmed as real by an unnamed Dropbox employee, but security expert Troy Hunt also obtained a copy of the files and managed to verify the data by uncovering the account information for both him and his wife in it.

Thankfully for the 68 million Dropbox users, the firm doesn’t believe that any of the accounts were improperly accessed and all of their files should remain safe and private. All of the passwords included in the leak were salted and encrypted in the leak. The files should also be somewhat difficult to crack as while only around half of the passwords are encrypted in the stronger bcrypt algorithm, the leak doesn’t contain the salts for those stored in SHA-1, which while easier to crack would be almost impossible without the salt present.

While all this may seem like there is no threat, if you’ve been using Dropbox, it would be wise to make sure your password has been changed and also turn on the two-step authentication while you’re there.