Dropbox has dropped the ball.
It's come to light that hackers made off with over 60 million account details during a security breach that took place on the cloud storage service in 2012. Dropbox has since announced that it would be pushing through a password reset process for all users who haven't updated their password since mid-2012.
"This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts," explains a posting on their blog, which states that they're "very sorry" the hack happened.
The story began back in 2012, after Dropbox discovered one of its employees accounts had been hacked. The employee account gave the hackers access to a large number of user email addressed, which they subsequently swiped. Dropbox didn't notice any accounts being accessed by additional parties, but users did report that they had started receiving more spam emails than usual - hinting that the emails had been passed on by the hackers.
Skip forward to August 2016, and Dropbox got word that a list of some 68 million Dropbox users' emails and passwords - stolen in that 2012 hack - had appeared 'in the wild'. Motherboard has since been passed a selection of the files, which Dropbox has confirmed as genuine. Around half of the stolen passwords appear to have been protected by Dropbox's encryption measures, meaning hackers won't have been able to access around 32 million of the passwords.
"We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," Patrick Heim, Head of Trust and Security for Dropbox, told Motherboard. "We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password."
What do I need to do?
As far as your Dropbox account is concerned, you'll want to accept any legitimate requests from the company to reset your password. It's also a good idea to enable two-step authorisation, which helps guard against someone pinching your password and accessing your account remotely.
In addition to this, if you use the same password for all your online accounts (NEVER a good idea), you'll want to change any accounts that used the same email and password combination that you used on Dropbox. Should the details stolen by hackers appear on a darkweb market place, there's a chance someone might nab your details and plug it into software that could attempt to log in to your online accounts.
Never use the same password for more than one site. Never share your email address more than you need to. Be cautious, and don't be an idiot.