Hackers have obtained credentials for more than 60 Million accounts hacked for online cloud storage platform. Dropbox has confirmed the breach and notified its customers of a possible forced countersign reset. tho’ the announcement didn’t understand the precise variety of affected users.
However, in a very choice of files obtained through sources within the information commerce community and breach notification service Leak base. Motherboard found around 5GB of files containing details on 68,680,741 accounts, which incorporates email addresses and hashed passwords for Dropbox users.
Out of sixty Million, virtually thirty-two Million passwords area unit secured mistreatment the robust hashing operate”BCrypt,” creating troublesome for hackers to get user’s actual passwords. whereas the remainder of the passwords area unit hashed with the SHA-1 hashing algorithmic program.
These countersign hashes conjointly believed to possess used a Salt – a random string further to the hashing method to any strengthen passwords to create it tougher for hackers to crack them.
Dropbox Team Statement on Data Breach
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox.
“We initiated this reset as a precautionary measure so that the old passwords from before mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
Dropbox disclosed the information breach in 2012. They notified users that one in all its worker passwords was nonheritable and used to access a file with the user’s email addresses. however, the corporation did not disclose that the hackers were ready to steal passwords too.
Earlier in the week, Dropbox sent out emails alerting its users that an outsized chunk of its users’ credentials was obtained in 2012 knowledge breach which will before long be seen on the Darknet marketplace, prompting them to alter their password if they hadn’t modified since mid-2012.
Our security teams are always watching out for new threats to our users. As part of these ongoing efforts. We learned about an old set of Dropbox user credentials that we believe were obtained in 2012, the company wrote. “Our analysis suggests that the credentials relate to an incident we disclosed around that time.”
Dropbox is the latest to join the list of “Mega-Breaches,” that revealed this summer. When hundreds of Millions of online credentials from years-old data breaches on popular social network sites. Some of them are LinkedIn, MySpace, VK.com and Tumblr, Yahoo which were sold on Dark Web.
How to make your account safe:
Change your passwords for Dropbox as well as other online accounts immediately. Especially change if you use the same password for multiple websites.
Also, use a good password manager to create complex passwords for different sites as well as remember them. Change passwords every month to keep your account safe.