Dropbox tells some users to change their passwords following 2012 security incident
Dropbox users around the world are being told to change their account passwords. Anyone who has been using the cloud storage service since before the middle of 2012 and has not changed their password may have had some of their account details 'obtained' in an incident in 2012.
Dropbox says that email addresses plus hashed and salted passwords were grabbed four years ago. The company stresses that there are no indications that accounts have been improperly accessed and the security measures are being taken on a preventative basis.
If you receive the email from Dropbox, you should visit your account where you may find that you're prompted to choose a new password. This will not be true in every case, as Dropbox explains that not everyone in receipt of the email meets the criteria for a forced password change.
The email from Dropbox reads:
We're reaching out to let you know that if you haven't updated your Dropbox password since mid-2012, you'll be prompted to update it the next time you sign in. This is purely a preventative measure, and we're sorry for the inconvenience.
The Dropbox Team
In a help document explaining the reason behind the password reset emails, the company says:
Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in.
Users are also warned that if they have reused their Dropbox password on other sites, they should change their security settings elsewhere too.