The Dropbox hack is real! Password dump revealed as 68 million stolen user details leaked online

More than 68 million user records for popular cloud storage service Dropbox have been dumped online after being stolen in 2012. Here’s what you need to know about the massive security breach.

At the time of the hack, Dropbox revealed that users’ email addresses had been stolen, but it did not disclose that passwords had also been taken. The site says it has already forced password resets.

Motherboard reported the data dump earlier today, after it was highlighted by security service Leakbase, with Troy Hunt, operator of Have I been pwned, independently verifying the news.

Hunt was sent data from a ‘supporter’ which he analysed, eventually finding his and his wife’s emails among the hacked files.

“There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing,” he writes.

Hunt also confirmed Dropbox had asked his wife, via email, to reset her password, concluding: “As for Dropbox, they seem to have handled this really well. They communicated to all impacted parties via email”.

According to Hunt, the leaked records total 68,648,009 Dropbox accounts which are currently “searchable in HIBP”.

Dropbox, which had around 100 million users in 2012, sent out notifications last week to ask users to change their passwords if they had not done so since 2012.

The company appears to have used solid user security techniques to encrypt the passwords at the time and seems to have been upgrading the encryption to a more secure version.

It also appears the original hack took place after a Dropbox employee re-used the same password for LinkedIn, which was also hacked – revealing the password.

This allowed the hackers to gain access to Dropbox’s corporate network and steal the data.

If you’ve been using the service since 2012, it’s probably a good idea to change your password. You might even consider doing so if you have changed your password since then.

As Hunt writes: “Definitely still change your password if you’re in any doubt whatsoever and make sure you enable Dropbox’s two-step verification while you’re there if it’s not on already.”
