68 Million Emails and Passwords for Dropbox Users Made Public

In 2012, Dropbox suffered a data breach. The breach occurred because one employee didn't vary his passwords and reused his corporate password for his LinkedIn profile, which itself experienced a data breach.

After four years (for some reason), those 68,000,000 emails and passwords were released onto the internet.

I always wear gloves when stealing people's passwords.

From the Guardian:

Dropbox sent out notifications last week to all users who had not changed their passwords since 2012. The company had around 100m customers at the time, meaning the data dump represents over two-thirds of its user accounts. At the time Dropbox practiced good user data security practice, encrypting the passwords and appears to have been in the process of upgrading the encryption from the SHA1 standard to a more secure standard called bcrypt.

Half the passwords were still encrypted with SHA1 at the time of the theft.

What the above quote means is that the password data was thankfully encrypted.  The level of encryption varied depending on whether an account was encrypted using SHA1 or bcrypt, but the weaker of the two (SHA1) is still very secure.

I received a notification on a Dropbox account I rarely used (back when storage space was very limited on it). It suggested I reset my password, but when I went to click to reset it, it turned out Dropbox had already proactively reset it.

Just to be careful, I would reset the password on any account that might use the same email and password combination. In addition, enable two-step verification on your accounts if it is available. Usually, this involves your account getting a text with a verification code when you log into your account at a new location.

If you are worried about using two-step verification because you don’t want to get locked out of the account when you are in the air (and can’t get your texts), there are ways to get around that.

Here’s my guide on how I use Google Voice to make sure I can always access my accounts.

About Jeanne Marie Hoffman

Former bartender, still a geek. One equal part each cookies, liberty, football, music, travel, libations. Stir vigorously.

One comment

  1. I received an E-mail on July 20th that my Dropbox account was closed due to inactivity. So, in theory, I should be good then if I haven’t received an E-mail from them about a security breach, right?
