Are you a long-time Dropbox user? Best change your password now

User details of almost 70 million accounts have been spilled online

Dropbox for Android

Dropbox has confirmed that a huge set of user details is available online, thanks to a security breach which happened back in 2012 – and therefore users of the service who signed up before the middle of that year need to change their passwords.

Last week, these long-time users of Dropbox were advised to change their password "purely as a preventive measure" – if they hadn't changed it since 2012 – and now the reason for that move has emerged, with the company confirming that the details of some 68 million users have been compromised.

Those details comprise of email addresses of account owners plus hashed and salted passwords.

Dropbox said it believed this leak can be traced back to an incident made public in July 2012 where an employee's account was accessed using a stolen password, and that staff account contained a document with user email addresses (although there was no mention of passwords at the time).

Password prompting

If you're affected, the next time you login to Dropbox, you'll be prompted to update your password and select a new one for obvious reasons. So if you've not logged on for some time, best scurry off and do that now. (At any rate, you should have already received a message from the company prompting you to do so).

And if you reused that Dropbox password anywhere else (which is of course terrible security practice precisely because of incidents such as these), then go and change those accounts as well. And think about getting yourself a password manager

Dropbox said it doesn't believe any of the accounts in question have actually been accessed by an outsider, based on its threat monitoring processes and the strong security measures applied to the passwords.

Users may well want to consider switching on two-step verification for their Dropbox account – and indeed for all important online accounts where it's available – so even if a malicious party does manage to crack a password spilled by a breach, they still won't be able to break into your account.

Via: PC World

Article continues below