A dropbox security breach that occurred in 2012 is now affecting millions of users as passwords and login information appear for sale online.
A 5GB document reported by a Motherboard reporter suggests that the details of over 60 million dropbox accounts have been released online. The validity of the document was confirmed by a senior Dropbox employee and contains all hashed emails and user passwords.
Though Dropbox forced password resets last week to ensure unchanged passwords were updated, they are unable to confirm how many users have been affected. The firm insists they have not had any information of a user being hacked because of this breach but urges users to change their passwords immediately as a preventative measure.
What you can do
- If you are unsure whether your account has been compromised, you can check at haveibeenpwned.com, which scans a database of all known breaches and will tell you if your email is one of the affected accounts. This page is safe and you can enter your email address to find out if your account has been compromised.
- Change your Dropbox password immediately. If your password is among the thousands stolen, it cannot be used if it has been replaced with a new one. Even if you’re not sure your details have been leaked, it doesn’t hurt to be sure
- Never use the same password across multiple sites. If it is compromised on one, be sure it will be used to access others such as your internet banking or email accounts
- Update passwords regularly
- Use a password generator to create a complex random series of numbers and characters for a more secure password. Though this cannot prevent your account details being extracted from a major website, it does ensure that your password cannot be easily guessed
Have a great (malware-free day!)