Dropbox 2012 hack exposes 68 million accounts

Remember how Dropbox asked all those that haven't changed their passwords since 2012 to do so now? Remember how they said they did it for no particular reason, just as a precaution? Turns out, it was much more than that.

As a matter of fact, back in 2012, more than 68 million accounts were hacked.

"The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed", the company’s head of trust Patrick Heim confirms in a blog post. "We’re very sorry this happened and would like to clear up what’s going on".

So yes, it is out of precaution after all. A Motherboard reporter got his hands on a 5GB-big document, and verified it by a "senior Dropbox employee", who obviously wants to stay anonymous. The document contained emails and hashed passwords, but according to security expert Troy Hunt, they aren’t that easy to crack.

"Frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public", Hunt tells the BBC.

Writing a blog post on the matter, Hunt said the hack was "real".

"There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can't fabricate this sort of thing. It confirms the statement from Dropbox themselves, but this is the kind of thing I always like to be sure of".

Even if you have changed your password after 2012, it wouldn’t hurt to do it again.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Photo Credit: triocean/Shutterstock