- Hackers stole more than 68 million user account details for Dropbox, including emails and account passwords.
- Last week, Dropbox announced it was forcing password resets for numerous users after discovering a set of account details stolen during a previously disclosed breach in 2012. The company at the time did not disclose the number of impacted accounts.
- Patrick Heim, head of Trust and Security at Dropbox, said in a statement that this is not a new security incident, and there is no indication that Dropbox user accounts have been improperly accessed.
Data breaches are a growing problem for businesses, sometimes requiring them to deal with security issues caused by breaches that occurred years earlier.
Motherboard examined a sample of the stolen Dropbox files through "sources in the database trading community." Dropbox later confirmed the authenticity of the data in a statement.
"Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012," said Hein. "We can confirm that the scope of the password reset we completed last week did protect all impacted users. Even if these passwords are cracked, the password reset means they can’t be used to access Dropbox accounts."
The reset only affects users who signed up for Dropbox prior to mid-2012 and who haven’t changed their password since.
While Dropbox accounts are protected, affected users who may have reused their password on other sites should take steps to protect themselves on those sites, suggested Heim.