recommended reading

Threatwatch

68M Dropbox Credentials Stolen

Data dump; Stolen credentials; User accounts compromised

Emails and passwords for 68 million online cloud storage accounts emerged this week, years after the initial breach.

Dropbox announced Aug. 26 users would have to reset their passwords if their accounts were made before mid-2012 and haven’t updated their credentials.

“We learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” the Dropbox site said.

The data, however, popped up in database trading community but doesn’t appear to be in the “major dark web marketplaces,” according to Motherboard.

Dropbox also used two hashing algorithms, one of which, bcrypt, Motherboard said hackers were “unlikely” to crack to access users’ passwords.

“We don’t believe that any accounts have been improperly accessed,” said the Dropbox announcement. To improve security, the company suggested using unique passwords across multiple services, only use accounts with secure devices and enable two-step verification.

sector

Web Services

reported

August 30, 2016

reported by

Motherboard

number affected

68 million

location of breach

U.S.

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

July 31, 2012

date breach detected

Unknown