2012 Dropbox hack determined worse than thought


Dropbox recently forced password resets on older accounts. It appears the reasoning was a revelation of new vulnerabilities from an old breach.

Motherboard:

Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.

Motherboard obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total in at around 5GB, and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee.

Always a good practice to have unique passwords for your accounts and periodically refresh passwords. More sensitive the account information, more frequent passwords should be reset. This is a good example of how long accounts can be exposed without knowledge of the situation. With good password practices you can at least mitigate risks to your accounts.