More than 68 million user records for popular cloud storage service Dropbox have been dumped online after being stolen in 2012. Here’s what you need to know about the massive security breach.
At the time of the hack, Dropbox revealed users’ email addresses had been stolen, but it did not disclose that passwords had also been taken. The site says it has already forced password resets.
Hunt was sent data from a ‘supporter’ which he analysed, eventually finding his and his wife’s emails among the hacked files.
Hunt also confirmed Dropbox had asked his wife, via email, to reset her password, concluding: “As for Dropbox, they seem to have handled this really well. They communicated to all impacted parties via email”.
According to Hunt, the leaked records total 68,648,009 Dropbox accounts which are currently “searchable in HIBP”.
Dropbox, which had around 100 million users in 2012, sent out notifications last week to ask users to change their passwords if they had not done so since 2012.
The company appears to have used solid user security techniques to encrypt the passwords at the time and seems to have been upgrading the encryption to a more secure version.
It also appears the original hack took place after a Dropbox employee re-used the same password for LinkedIn, which was also hacked – revealing the password.
This allowed the hackers to gain access to Dropbox’s corporate network and steal the data.
If you’ve been using the service since 2012, it’s probably a good idea to change your password. You might even consider doing so if you have changed your password since then.
As Hunt writes: “Definitely still change your password if you’re in any doubt whatsoever and make sure you enable Dropbox’s two-step verification while you’re there if it’s not on already.”