
68 Million Emails and Passwords for Dropbox Users Made Public

In 2012, Dropbox suffered a data breach. The breach occurred because one employee didn’t vary his passwords and reused his corporate password for his LinkedIn profile, which itself experienced a data breach.

After four years (for some reason), those 68,000,000 emails and passwords were released onto the internet.

I always wear gloves when stealing people's passwords.

From the Guardian:

Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time Dropbox practiced good user data security practice, encrypting the passwords and appears to have been in the process of upgrading the encryption from the SHA1 standard to a more secure standard called bcrypt.

Half the passwords were still encrypted with SHA1 at the time of the theft.

What the above quote means is that the password data was thankfully encrypted.  The level of encryption varied depending on whether an account was encrypted using SHA1 or bcrypt, but the weaker of the two (SHA1) is still very secure.

I received a notification on a Dropbox account I rarely used (back when storage space was very limited on it).  It suggested I reset my password, but when I went to click to reset it, it turned out Dropbox had already proactively reset it.

Just to be careful, I would reset any account password that might use the same email and password combination.  In addition, enable two-step verification on your accounts if it is available.  Usually, this involves your account getting a text with a verification code when you log into your account at a new location.

If you are worried about using two-step verification because you don’t want to get locked out of the account when you are in the air (and can’t get your texts), there are ways to get around that.

Here’s my guide on how I use Google Voice to make sure I can always access my accounts.

About Jeanne Marie Hoffman

Former bartender, still a geek. One equal part each cookies, liberty, football, music, travel, libations. Stir vigorously.


One comment

  1. I received an E-mail on July 20th that my Dropbox account was closed due to inactivity. So, in theory, I should be good then if I haven’t received an E-mail from them about a security breach, right?
