A Dropbox security breach in 2012 has affected more than 68 million account holders, according to security experts. Last week, Dropbox reset all passwords that had remained unchanged since mid-2012 “as a preventive measure”. In 2012, Dropbox had said hacks on “other websites” had affected customers who used their Dropbox password on other sites too, but now what purports to be the details of 68.6 million Dropbox accounts have emerged on hacker trading sites.
Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time, Dropbox followed good practice for securing user data: it encrypted the passwords and appears to have been in the process of upgrading the encryption.
The hack highlights the need for tight security, both at the user end – the use of strong passwords, two-step authentication and no reuse of passwords – and for the companies storing user data. Even with solid encryption practices for securing users’ passwords, Dropbox fell foul of password reuse and entry into its company network. If you have any security concerns or questions, please talk to us.