Dropbox hacked: almost 70 million users’ passwords, personal info exposed

“A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses”, it said.

Breach notification site Leakbase provided Motherbord’s Joseph Cox with a copy of the 5GB database, containing user 68,680,741 accounts. The company told NBC that it had not detected any malicious access to affected accounts, which allow users to upload, download and share files.

These developments confirm the authenticity of the security breach of Dropbox in 2012.

“Our security teams are always watching out for new threats to our users”. A Dropbox hack from 2012 led to a major security breach.

Dropbox said it was merely doing this as a precaution, as “we don’t believe that any accounts have been improperly accessed”, despite its earlier statement that some accounts had been accessed.

Heim urged Dropbox users who signed up for the service before mid-2012 and reused the same passwords to other accounts to update their passwords.

However, 36 million of the passwords used the now dated SHA1 hash, which isn’t as secure, although Dropbox did additional encryption which according to Motherboard does not seem to have been breached.

But Mr Heim warned that people who use the same password for other applications and websites should consider changing them as well. “Our analysis suggests that the credentials relate to an incident we disclosed around that time”, Dropbox wrote in the blog post.

If you’re affected, the next time you login to Dropbox, you’ll be prompted to update your password and select a new one for obvious reasons.

In 2014, the company was forced to deny that it had been hacked after an anonymous account posted what it claimed were the usernames and passwords of millions of the site’s users. The company acknowledged the hack that took place four years ago, but it didn’t say how many users were compromised, Ars Technica reports.

And if you reused that Dropbox password anywhere else (which is of course awful security practice precisely because of incidents such as these), then go and change those accounts as well.