Severity of 2012 Dropbox hack comes to light - 68m accounts were compromised


Cloud-based file-manager Dropbox has admitted that the details of over 60 million accounts have been circulated online since a breach in 2012.

Motherboard first reported the breach, claiming that while individual users were informed of the breach at the time with forced password resets, the scale of user information circulating on the dark web has just become apparent.

Four databases totalling 5GB and 68,680,741 accounts have been independently verified by Dropbox sources via Motherboard and TechCrunch.

At the time of the breach the company announced: “We learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.”

It claimed: “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.”

It did not admit that passwords were also leaked, although the hashing and salting applied to them remains intact.

TechCrunch stated that the hack affected around three-fifths of the service’s user base at the time.

Joe Siegrist, chief executive of LastPass, said: “Humans are inherently bad at making passwords and continue to reuse passwords despite the obvious risks. Using unique passwords for all your online accounts ensures that if they’re leaked in a breach like this one, they can’t be used by hackers to get into any of your other accounts. If you’re not doing this, you’re doing it wrong.”
