Dropbox Hack in 2012 Targeted Over 60 Million Accounts

by

After Dropbox forced a password reset on any user who hadn't changed their login credentials since mid-2012 -- due to a hack faced by the company that year -- new information has surfaced recently detailing the extent of the user data leak.

According to a collection of files obtained by Motherboard, containing the email addresses and hashed passwords of the affected user base, a total of 68,680,741 Dropbox accounts were successfully targeted during the 2012 hack. When Dropbox announced it was going through with the preventative password reset measure last week, the company didn't give any hint as to the extent of the users touched by the four-year-old hack.

dropbox_logo
The "incident," as Dropbox refers to it, was a data breach in the summer of 2012 where a few users began reporting spam sent to email addresses connected to a Dropbox account. Due to a password hack connected to other websites, hackers were able to sign in to "a small number" of Dropbox accounts, including an employee's who had access to a document listing an array of user email addresses.

Dropbox is confident its message to users last week has covered "all potentially impacted users," and the company is encouraging users to still reset passwords on other services that have the same login information, particularly passwords, previously used for Dropbox.

“We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox. "We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

As Motherboard discovered, nearly 32 million of the affected accounts were secured with the strong hashing function bcrypt, "meaning it is unlikely that hackers will be able to obtain many of the users' actual passwords." The other half of the passwords had a slightly less secure SHA-1 aging algorithm and were salted with a random string of characters to further strengthen them. Since 2012, Dropbox has changed up this password and account hashing process several times in attempt to make sure every user remains secure.

Motherboard confirmed that none of the four files, which total 5GB of collected user login data, appear to be anywhere on the dark web. Also, given Dropbox's aggressive measures taken in the past week, their value will continue to "diminish" over time.

Tag: Dropbox

Top Rated Comments

wizard Avatar
55 months ago
Anybody that thinks online storage will ever be secure is nuts in my mind. Eventually every service will fall to hacking. If you have important dats either encrypt it or keep it off line.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
55 months ago
What the heck was a Dropbox employee doing with a file containing the login details for 68 million Dropbox users?
Score: 3 Votes (Like | Disagree)
technopimp Avatar
55 months ago

Can someone tell me where I can find "the Dark Web"?

If you have to ask...
Score: 1 Votes (Like | Disagree)
SandboxGeneral Avatar
55 months ago
I haven't yet to date received any spam that was associated with this hack - at least that I know of. I get a few spam emails now and then, but the junk filter gets them. As for the data I stored in Dropbox, it was all protected inside an encrypted container I made so even if my stuff was taken, there wasn't any way anyone could get to it.
Score: 1 Votes (Like | Disagree)
ArtOfWarfare Avatar
55 months ago

What the heck was a Dropbox employee doing with a file containing the login details for 68 million Dropbox users?

Selling it.

Seriously though, I was wondering that exact same thing. I've had access at various companies to download login details, but I've never done that, because why would I?

I feel like the biggest vulnerability at every company that has any user credentials is always a rouge employee.

Anyways - I changed the email account that was connected to my Dropbox account in 2014... does that immediately mean I don't need to worry about anything? (I originally signed up using my college email address, but when I graduated, I stopped using that address and also changed everything that I had previously associated with it another address.)
Score: 1 Votes (Like | Disagree)
Shirasaki Avatar
55 months ago

Sweet. I received three notices. Thank God I had forgotten I tried it. There's something to say about parking your data at companies who do not even tell you the truth when a fallout happens. Bye Dropbox.

It is human nature to try to cover issues, regardless of scale, before anyone knows it. This Applies on individual, company, and to a greater extent, nations.

If the leak of user data only affects 68 users, not 68m users, we would not even see any media reporting this 68 users data leak.
Score: 1 Votes (Like | Disagree)

Top Stories

0 Deals Hero

Black Friday 2020: Best Apple Deals to Plan For

Saturday November 21, 2020 10:00 am PST by
In the lead-up to Black Friday next week, we've been putting a spotlight on the best deals coming from various retailers like Best Buy and Walmart. In an effort to further prepare our readers for the best Black Friday deals, we're breaking down what we think should be on your radar for Black Friday in 2020. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
2020 apple shopping event

Apple Offering Up to $150 Gift Card With Select Products on Black Friday Through Cyber Monday

Monday November 23, 2020 2:53 am PST by
Apple has announced its annual four-day shopping event, offering customers up to a $150 Apple Store gift card with the purchase of select products between Black Friday and Cyber Monday in the United States. The gift card values in the United States are as follows: $150 for 16-inch MacBook Pro $150 for 21.5-inch iMac $50 for 13-inch MacBook Pro $50 for MacBook Air $50 for iPhone SE,...
m1 mac mini vignette

Apple Lists M1-Based Mac Mini Logic Boards With 10 Gigabit Ethernet in Internal Parts Ordering System

Friday November 20, 2020 9:32 am PST by
While the new Mac mini with the M1 chip is only available with Gigabit Ethernet, Apple has listed multiple M1-based Mac mini logic boards with 10 Gigabit Ethernet in an internal parts list for Apple Authorized Service Providers. For every Mac mini logic board with Gigabit Ethernet in the parts list, obtained by MacRumors, there is a corresponding logic board with 10 Gigabit Ethernet:...
ipad pro 2020 display

Black Friday Week Kicks Off With Up to $150 Savings on 2020 iPad Pro

Sunday November 22, 2020 2:37 pm PST by
As we head into Black Friday week, we're seeing some of the best deals of the season so far, with Amazon and Best Buy today discounting the latest iPad Pro models by up to $150 at the lowest prices we've ever tracked on these models. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep ...
macos big sur m1 macs restore issue

Apple Provides Instructions to Fix macOS Reinstallation Errors on M1 Macs

Sunday November 22, 2020 3:30 pm PST by
Shortly after the launch of Apple's new M1 Macs, we saw reports that attempts to restore and reinstall macOS on those machines right away could result in an installation error that would leave your Mac non-functional. Specifically, the error message would read: "An error occurred preparing the update. Failed to personalize the software update. Please try again." Over the weekend, Apple p...
iPhone 6s main

Rumor Claims iOS 15 to Drop Support for iPhone 6s and Original iPhone SE

Sunday November 22, 2020 9:25 am PST by
Apple will drop support for the iPhone SE, iPhone 6s, and iPhone 6s Plus in next year's release of iOS 15, according to a rumor shared today by Israeli site The Verifier. If the rumor is accurate, that would mean iOS 15 will be compatible with the following Apple devices: 2021 iPhone series iPhone 12 Pro Max iPhone 12 Pro iPhone 12 mini iPhone 12 iPhone 11 iPhone 11 Pro iPhone 11 Pro ...
new m1 chip

Craig Federighi: Native Windows on M1 Macs is 'Really up to Microsoft'

Friday November 20, 2020 11:57 am PST by
Following the release of the M1 Macs Apple executives have been doing interviews with a range of publications, and today, Ars Technica published another interview with software engineering chief Craig Federighi, hardware technologies lead Johny Srouji, and marketing VP Greg Joswiak. Much of the interview focuses on topics that the three have already covered in prior discussions, but there is ...
Walmart November Deals Hero

Black Friday Spotlight: Walmart Will Have AirPods Pro Down to Lowest Price of $169, and More Apple Deals

Thursday November 19, 2020 8:05 am PST by
We've been tracking early Black Friday deals in our dedicated Black Friday Roundup, and in an effort to prepare our readers for the big shopping event we're highlighting sales store-by-store in the lead-up to November 27. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Next ...
xlK6MS4MLqVFaskl

iFixit Shares iPhone 12 Pro Max Teardown Revealing L-Shaped Battery and Bigger Camera Module

Sunday November 22, 2020 2:53 am PST by
In the last of its iPhone 12 series teardowns, iFixit has published its iPhone 12 Pro Max disassembly, which reveals some unique differences in the design of the internals, including the full extent of the larger camera system responsible for the improved low-light performance on Apple's largest iPhone to date. On opening the iPhone 12 Pro Max, the first obvious difference compared to the...
apple leather sleeve

Leather Sleeve for iPhone 12 Models Now Available From Apple

Friday November 20, 2020 12:16 pm PST by
Apple today began selling the Leather Sleeve for the new iPhone 12 models, with the accessory having first been announced alongside the updated iPhones in October. Priced at $129, the Leather Sleeve is not a case and is designed to be removed when the iPhone is in use. It features a cutout at the front that displays the time, and it comes with a matching leather strap. According to Apple, it ...