68M Dropbox Credentials Stolen

Emails and passwords for 68 million online cloud storage accounts emerged this week, years after the initial breach.

Dropbox announced Aug. 26 users would have to reset their passwords if their accounts were made before mid-2012 and haven’t updated their credentials.

“We learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” the Dropbox site said.

The data, however, popped up in database trading community but doesn’t appear to be in the “major dark web marketplaces,” according to Motherboard.

Dropbox also used two hashing algorithms, one of which, bcrypt, Motherboard said hackers were “unlikely” to crack to access users’ passwords.

“We don’t believe that any accounts have been improperly accessed,” said the Dropbox announcement. To improve security, the company suggested using unique passwords across multiple services, only use accounts with secure devices and enable two-step verification.