Today Dropbox announced new details about the hack that happened back in 2012, revealing that not only were user’s emails leaked, but so were their passwords, nearly 70 million user’s data was stolen during this hack, including the passwords and email address of 68.7.
Dropbox say that these were stolen years ago when hackers used stolen employee login details to access a document that contained the email address and passwords of users.
This is incredibly disappointing, first off that Dropbox has only announced this news today (they did reveal that information was comprised in 2012, but not to this level) and that they stored users’ personal information in such a poor manner, we would be surprised if Dropbox doesn’t see some repercussions for this.
Dropbox is asking any users who signed up to the service before mid-2012 to change their password now.
However, it is very hard to know if you have been affected, so you should think about changing your password anyway.
Dropbox said that it had hashed and salted the information, making it difficult to decipher them, but that doesn’t mean that you shouldn’t be annoyed about the hack.
If these details were somehow cracked, the hacker would be able to access all of these details, so make sure that you reset the password of any account that may be using the password that you set for Dropbox previously.
A good thing to also do is to set-up two-factor authentication on any account that you can do so, this will provide you with way more protection than a simple password and username.