Four years ago, Dropbox was breached by hackers, but little was known about the extent of the hack.
This week, Motherboard reported that the hack was far worse than anybody could have expected. In total, 68 680 741 accounts were compromised in the 2012 hack, and the information gleaned from it includes email addresses and hashed passwords.
The information is currently for sale in database trading communities, and a Dropbox employee confirmed to Motherboard that the data is legitimate.
The passwords obtained are secured with both bcrypt and SHA-1 hashing with salt (a random character string added to the password), which should make them harder to crack.
We say harder, not impossible, and for that reason Dropbox has forced a password reset on users who might have been impacted by the breach.
“We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password,” said Dropbox head of trust and security, Patrick Heim.
To further secure your accounts, we also suggest activating two-factor authentication as an extra precaution, especially if you think you once, possibly, maybe, perhaps used your Dropbox password from 2012 for another service.
[Via – Motherboard] [Image – CC BY 2.0 Ian Lamont]