View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
August 31, 2016

68 million Dropbox users’ logins appear on internet

News: Dropbox has prompted users to reset their passwords.

By Alexander Sword

The full extent of a Dropbox hack in 2012 has become clear, with nearly 70 million account details for Dropbox users stolen.

While Dropbox disclosed the attack around that time, only now has it been revealed that 68,680,741 accounts had been compromised, according to records obtained by Motherboard.

The account details, provided by Leakbase, were related to the 2012 incident.

However, due to Dropbox’s use of encryption the passwords were unlikely to be deciphered by hackers.

On 25 August, Dropbox announced that users of Dropbox who had signed up prior to mid-2012 would be prompted to change their passwords when they signed in.

The company also told its users that if they had used the passwords on other sites, they should change it on Dropbox and other services.

It also urged users to adopt two-factor authentication, a security feature that was introduced at the time of the previous hack. Other new measures included automated mechanisms to identify suspicious activity, a new page to examine logins to a user’s account and password prompts.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Dropbox said that the measures had been taken as a precaution and that there was no evidence that any user accounts had been improperly accessed, basing this on “threat monitoring and the way we secure passwords”.

The incident originally came to light when Dropbox users began receiving spam emails at addresses used only for Dropbox.

Dropbox said that this had happened when a stolen password was used to access an employee Dropbox account containing a project document with user email addresses.

“We have dedicated security teams that work to protect our services and monitor for compromises, abuse, and suspicious activity,” wrote Patrick Heim, Head of Trust & Security for Dropbox, in a blog.

“We’ve implemented a broad set of controls including independent security audits and certifications, threat intelligence, and bug bounties for ethical hackers. In addition, we build open source tools such as zxcvbn, use bcrypt password hashing, and offer Universal 2nd Factor authentication to all users.”

Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, said that the incident showed the need for enterprises to be aware of the multiple cloud services in use by their employees.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.