2012 Dropbox breach strikes again, dumps 68 million passwords online

Gracie Roberts, 1 September 2016

Four years after Dropbox suffered a data breach, nearly two-thirds of the company’s user base has had their passwords revealed in a massive password dump.

Dropbox has been going through some rough times as of late. In the past 24 hours, headlines have been popping up left and right about a Dropbox password dump of epic proportions.

While this attack is undoubtedly significant and scary for Dropbox users, it’s nothing new -- it originated in 2012, when Dropbox reported that many users’ email addresses had been stolen. Interestingly enough, there was no mention of stolen passwords at the time. Now, it’s become clear that the madness didn’t stop in 2012 -- instead, it has been lying dormant for the past several years and has finally reared its ugly head once more in yesterday’s breach.

Since yesterday’s dump of 68 million passwords, Dropbox has published a follow-up notice on the company blog. Here are some words of advice directly from Dropbox: “If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list.”

Your Dropbox account is one that you really don’t want compromised, as the majority of accounts reflect much of the data you store on your PC and/or smartphone. This means that, most likely, your sensitive documents, including photos and videos, are all stored on your Dropbox, which makes them prime pickings for hackers.

Moral of the story: Change your passwords frequently

Additionally, ensure that your passwords are complex and consist of a healthy mix of letters, numbers and special characters. Luckily, the dumped Dropbox passwords were hashed (meaning that they were encrypted), making it impossible for hackers to access them except by brute force. If you have a simple password, it becomes easy for hackers to break into your accounts merely by guessing.

Even if databases with user credentials get stolen, this case goes to show that sometimes, the real damage and associated risks can remain unknown for years at a time. Avast Passwords is our foolproof password solution that allows you to make your passwords unbreakable and protect what’s yours.

Image via Graham Cluley