August 29, 2016

Dropbox Tells Users to Update Their Passwords

Popular cloud storage provider Dropbox is urging users who haven’t changed their passwords since mid-2012 to update their credentials. The move comes after data from a 2012 breach resurfaced, prompting fears that the stolen information could be used to compromise user accounts.

Dropbox has sent a note to its users, asking those who have not changed their passwords since mid-2012 to come up with new alphanumeric passwords.

“We are prompting a password update purely as a preventative measure,” a FAQ by Dropbox read. “We have no indication your account was improperly accessed.”

The company revealed that its security team had learned that an old batch of user credentials from 2012, containing email addresses and salted and hashed passwords, had resurfaced. At the time, usernames and passwords stolen in a significant breach were being used to sign in to a number of Dropbox accounts. That breach was the LinkedIn hack, which saw some 117 million login credentials leaked online earlier this year.


More notably, a stolen password was used to access an employee’s Dropbox account, which contained a document holding users’ email addresses. This, the investigation revealed, led to the owners of those email addresses receiving spam emails.

Now, that set of passwords and email addresses is turning up again.

The company stated:

“Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.”

For good measure, the cloud storage provider is also recommending users enable two-factor authentication. Although not hacker-proof, the security feature in Dropbox requires users to enter a six-digit security code or key, in addition to the password, at the time of logging in.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
