Over 68 million Dropbox accounts (usernames and passwords) have been published online, four years after the platform was breached.
Website Hot For Security, supported by Bitdefender, explains what happened. An employee's password, stolen when LinkedIn was hacked in 2012, was then reused to access the same person's Dropbox account. That account contained Dropbox credentials.
It seems that most of the passwords were stored in encrypted form, so they can't be used too easily.
What Dropbox says:
We first heard rumors about this set two weeks ago, and immediately began our investigation. We then emailed all users we believed were affected and completed a password reset for anyone who hadn't updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can't be used to access Dropbox accounts. Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in.
And what did you say you keep on Dropbox? To make sure no one else is lurking there, change your password. Or try OneDrive, by Office 365.
