Way back in 2012, the Dropbox database was hacked, leading to 68 million users having their details stolen. At the time, Dropbox reported that user email addresses were in fact stolen but didn’t touch on passwords. However, this week, millions of Dropbox passwords leaked onto the web, originating from the attack several years ago.
The password dump was brought into the spotlight by Leakbase, a site dedicated to keeping tabs on user information leaks. Since then, Troy Hunt, the security researcher behind the site Have I been pwned?, has had a look at the leak to verify it. He discovered a record of his wife’s current Dropbox details, along with a record of his old login for the service, meaning there are definitely legitimate accounts that can be affected by this.
Motherboard managed to get in touch with a spokesperson for Dropbox, who claimed that so far, there have been no signs of malicious activity on any accounts. However, a password reset will be coming to an undisclosed number of Dropbox accounts. Around half of the passwords in the leak were protected by the bcrypt hashing algorithm, so those should be secure.
Even so, if you have a Dropbox account, you should probably check your account and change your password. Enabling two-factor authentication should also help keep your account secure in the event of something like this happening.
KitGuru Says: This hack may have happened several years ago now, but if you haven’t changed your password since then, you could be affected by the leak. If you’re a Dropbox user, now would be a good time to change your password to something else.