68.6 million Dropbox accounts compromised in the 2012 data breach

68.6 million Dropbox accounts compromised in the 2012 data breach
HIGHLIGHTS

Change your password associated with Dropbox ASAP

Dropbox was the subject of a breach way back in 2012 and the online cloud storage company has vehemently denied the same for quite some time. Not much was known about the magnitude of the leak until recently. Earlier this week Dropbox forced password resets for accounts that were registered prior to mid-2012 as “purely a preventive measure”. Dropbox mentioned that they don’t believe that any account had been hacked. However, recent reports based on analysis of data dumps from the 2012 hack indicate that email IDs and passwords associated with Dropbox have indeed been hacked. And based on those very data dumps, it appears that 68,680,741 accounts had been compromised in the 2012 breach. 

Leakbase.pw, a website that notifies users about password leaks obtained four files totaling up to 5 GB which contained the credentials of all users affected by the 2012 breach.  Anonymous Dropbox officials have even confirmed that these files do indeed contain user data. Two of these files contain email addresses and bcrypt hashes and the other two contain email addresses and SHA1 hashes. 

Have I been hacked?

If you’d registered on Dropbox prior to mid-2012 then it’s quite probable that your data has been traded openly and whatever password was used is now known to many. Soon enough, you will have services like https://haveibeenpwned.com updating their databases with the breach data and you’ll be able to verify the same easily. Since the passwords of about 32 million accounts were encrypted using bcrypt algorithm, it’s safe to say that those accounts will be a lot more difficult to decrypt. But if you happen to be one of the many unlucky ones whose account passwords were encrypted using SHA1 algorithm then it’s best that you change your passwords as early as possible.

Dropbox has modified the way it hashes passwords since 2012 so hackers will have a lot tougher time decrypting passwords had there been any more breaches post 2012. Given the magnitude of the breach, Dropbox now ranks 6th in the list of the Top 10 breaches of all time.

Mithun Mohandas

Mithun Mohandas

Mithun Mohandas is an Indian technology journalist with 10 years of experience covering consumer technology. He is currently employed at Digit in the capacity of a Managing Editor. Mithun has a background in Computer Engineering and was an active member of the IEEE during his college days. He has a penchant for digging deep into unravelling what makes a device tick. If there's a transistor in it, Mithun's probably going to rip it apart till he finds it. At Digit, he covers processors, graphics cards, storage media, displays and networking devices aside from anything developer related. As an avid PC gamer, he prefers RTS and FPS titles, and can be quite competitive in a race to the finish line. He only gets consoles for the exclusives. He can be seen playing Valorant, World of Tanks, HITMAN and the occasional Age of Empires or being the voice behind hundreds of Digit videos. View Full Profile

Digit.in
Logo
Digit.in
Logo