
Dropbox are now reacting to a 2012 data breach


Dropbox are now prompting users to change their passwords in reaction to a hack that took place in 2012. They disclosed the hack at the time, but failed to force their users to update their passwords as a protective measure.

In reaction to this hack, Dropbox did add two-factor authentication to their service, but they nonetheless did not force a password change to protect their users. This has left millions of Dropbox users with potentially insecure accounts for around four years.

Dropbox users whose accounts date from 2012 or earlier and who have not changed their password since mid-2012 are now being prompted to change it, and to change the password on any other online account that uses the same password. Below is Dropbox's statement explaining why they have prompted this password update.

 

    Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.

    Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.


While Dropbox does state that they have not found any accounts that they believe have been improperly accessed, it is unacceptable that such a potential security hole has been left open for almost 4 years with the company's knowledge.

Those affected by this data breach should have received a password reset notification by now, but at this point, some damage may have already been done to a number of Dropbox users. 

 

You can join the discussion on Dropbox finally issuing a password reset for a 2012 data breach on the OC3D Forums

  


Most Recent Comments

31-08-2016, 07:32:30

Kushiro
Just goes to show to not trust public cloud services with sensitive data. Private all the way.

31-08-2016, 07:36:24

Chrazey
Haha complete utter retards! For 4 years ago it happened, and only NOW they prompt everyone to change their passwords?... Might just give it out already, since it has been vulnerable for several years.

31-08-2016, 08:46:03

SuB
Quote:
Originally Posted by Chrazey
Haha complete utter retards! For 4 years ago it happened, and only NOW they prompt everyone to change their passwords?... Might just give it out already, since it has been vulnerable for several years.

Except it's not, a hashed and salted password is still pretty secure.

This is a bit fearmongery tbh

31-08-2016, 15:51:58

NeverBackDown
Quote:
Originally Posted by SuB
Except it's not, a hashed and salted password is still pretty secure.

This is a bit fearmongery tbh

Yes that is true. But not everyone has complex passwords and this does leave millions of people at risk of having data taken. If they did two step authentication, then no one really needs to worry tbh, but if they didn't and their password is still "password" for example, then they are more than likely screwed

01-09-2016, 03:56:27

Kushiro
Srs though, if they didn't protect their data with proper passwords and their own security measures, then I doubt it would have been very important in the first place..