The rumor is true. A Dropbox hack in 2012 did indeed lead to a significant breach of security.
The stolen files contained data from over 68 million users.
The information involved:
- User credentials
- Email addresses
- Hashed/salted passwords
While the company did report the incident in July of 2012, the full scope of the breach is only now being felt.
Dropbox responded to the threat a few days ago, with emails and a post addressing their users.
What Happened in the Dropbox Hack?
Sources report the stolen passwords were salted and hashed, with about half protected by a secure algorithm called bcrypt.
The other half used an older, weaker algorithm called SHA-1.
Password salting involves adding a random string of data to the password before it is hashed. A hash is a shortened binary string produced from a particular text by a specific algorithm.
It is used to provide unique identifiers and improve security. SHA-1 and bcrypt are both types of hash functions.
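The following Python example, added here and not taken from the article or from Dropbox's code, shows salted hashing under a fast scheme (SHA-1) and a deliberately slow one, and how a service can upgrade legacy records the next time a user logs in successfully. PBKDF2 stands in for bcrypt, which is not in the Python standard library; the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def _digest(scheme: str, salt: bytes, password: str) -> str:
    """Hash the salt and password under the named scheme."""
    if scheme == "sha1":  # legacy: a single fast hash over salt + password
        return hashlib.sha1(salt + password.encode()).hexdigest()
    if scheme == "pbkdf2":  # slow by design, standing in for bcrypt
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS).hex()
    raise ValueError(f"unknown scheme: {scheme}")


def make_record(scheme: str, password: str) -> dict:
    """Create a stored credential with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt.hex(),
            "hash": _digest(scheme, salt, password)}


def login(store: dict, user: str, password: str) -> bool:
    """Verify a password; upgrade a legacy SHA-1 record on success."""
    record = store.get(user)
    if record is None:
        return False
    expected = _digest(record["scheme"], bytes.fromhex(record["salt"]), password)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, record["hash"]):
        return False
    if record["scheme"] != "pbkdf2":
        # The plaintext is only available now, so re-hash it here.
        store[user] = make_record("pbkdf2", password)
    return True


if __name__ == "__main__":
    # Constructed sample data: one account still on salted SHA-1.
    store = {"alice": make_record("sha1", "correct horse battery")}
    print(login(store, "alice", "wrong guess"), store["alice"]["scheme"])
    print(login(store, "alice", "correct horse battery"), store["alice"]["scheme"])
```

Because each record gets its own salt, two users with the same password end up with different stored hashes; the slow scheme additionally raises the cost of every guess against a stolen record.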
Patrick Heim, Head of Trust & Security for Dropbox, wrote a post in late August of this year, stating that Dropbox users who signed up before mid-2012 and had not changed their passwords since then were at risk.
The post urged such customers to reset their passwords.
An email, sent around the same time, stated that users who hadn’t updated their passwords would be prompted to change them on their next login.
The post does state, however, that Dropbox currently has no indications of improper access.
Troy Hunt, a Microsoft Regional Director and MVP, tested and confirmed the Dropbox hack’s legitimacy.
His project, haveibeenpwned.com, allows users to check for accounts compromised in a data breach.
What Should I Do Now?
If you were affected by the Dropbox hack, do the following:
- Change your Dropbox password immediately if you are or were prompted to do so
- Enable Dropbox two-factor authentication
- Use a password manager such as 1Password or LastPass
- Change any passwords on other sites that are the same as the one in the Dropbox breach
- Consider a different or additional cloud storage provider
What Other Cloud Storage Providers Are Available?
Here at Cloudwards.net, we have long recommended Sync.com as one of the best alternatives to Dropbox.