After Dropbox forced a password reset on any user who hadn't changed their login credentials since mid-2012 -- due to a hack faced by the company that year -- new information has surfaced recently detailing the extent of the user data leak.

According to a collection of files obtained by Motherboard, containing the email addresses and hashed passwords of the affected user base, a total of 68,680,741 Dropbox accounts were successfully targeted during the 2012 hack. When Dropbox announced it was going through with the preventative password reset measure last week, the company didn't give any hint as to the extent of the users touched by the four-year-old hack.

dropbox_logo
The "incident," as Dropbox refers to it, was a data breach in the summer of 2012 where a few users began reporting spam sent to email addresses connected to a Dropbox account. Due to a password hack connected to other websites, hackers were able to sign in to "a small number" of Dropbox accounts, including an employee's who had access to a document listing an array of user email addresses.

Dropbox is confident its message to users last week has covered "all potentially impacted users," and the company is encouraging users to still reset passwords on other services that have the same login information, particularly passwords, previously used for Dropbox.

“We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox. "We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

As Motherboard discovered, nearly 32 million of the affected accounts were secured with the strong hashing function bcrypt, "meaning it is unlikely that hackers will be able to obtain many of the users' actual passwords." The other half of the passwords had a slightly less secure SHA-1 aging algorithm and were salted with a random string of characters to further strengthen them. Since 2012, Dropbox has changed up this password and account hashing process several times in attempt to make sure every user remains secure.

Motherboard confirmed that none of the four files, which total 5GB of collected user login data, appear to be anywhere on the dark web. Also, given Dropbox's aggressive measures taken in the past week, their value will continue to "diminish" over time.

Tag: Dropbox

Top Rated Comments

wizard Avatar
78 months ago
Anybody that thinks online storage will ever be secure is nuts in my mind. Eventually every service will fall to hacking. If you have important dats either encrypt it or keep it off line.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
78 months ago
What the heck was a Dropbox employee doing with a file containing the login details for 68 million Dropbox users?
Score: 3 Votes (Like | Disagree)
technopimp Avatar
78 months ago
Can someone tell me where I can find "the Dark Web"?
If you have to ask...
Score: 1 Votes (Like | Disagree)
SandboxGeneral Avatar
78 months ago
I haven't yet to date received any spam that was associated with this hack - at least that I know of. I get a few spam emails now and then, but the junk filter gets them. As for the data I stored in Dropbox, it was all protected inside an encrypted container I made so even if my stuff was taken, there wasn't any way anyone could get to it.
Score: 1 Votes (Like | Disagree)
ArtOfWarfare Avatar
78 months ago
What the heck was a Dropbox employee doing with a file containing the login details for 68 million Dropbox users?
Selling it.

Seriously though, I was wondering that exact same thing. I've had access at various companies to download login details, but I've never done that, because why would I?

I feel like the biggest vulnerability at every company that has any user credentials is always a rouge employee.

Anyways - I changed the email account that was connected to my Dropbox account in 2014... does that immediately mean I don't need to worry about anything? (I originally signed up using my college email address, but when I graduated, I stopped using that address and also changed everything that I had previously associated with it another address.)
Score: 1 Votes (Like | Disagree)
Shirasaki Avatar
78 months ago
Sweet. I received three notices. Thank God I had forgotten I tried it. There's something to say about parking your data at companies who do not even tell you the truth when a fallout happens. Bye Dropbox.
It is human nature to try to cover issues, regardless of scale, before anyone knows it. This Applies on individual, company, and to a greater extent, nations.

If the leak of user data only affects 68 users, not 68m users, we would not even see any media reporting this 68 users data leak.
Score: 1 Votes (Like | Disagree)

Popular Stories

ios 16 beta 5 battery percent

iOS 16 Beta 5: Battery Percentage Now Displayed in iPhone Status Bar

Monday August 8, 2022 10:43 am PDT by
With the fifth beta of iOS 16, Apple has updated the battery icon on iPhones with Face ID to display the specific battery percentage rather than just a visual representation of battery level. The new battery indicator is available on iPhone 12 and iPhone 13 models, with the exception of the 5.4-inch iPhone 12/13 mini. It is also available on the iPhone 11 Pro and Pro Max, XS and XS Max, and...
iPhone 14 Lineup Feature Purple

Color Options for All iPhone 14 Models: Everything We Know

Monday August 8, 2022 3:59 am PDT by
The iPhone 14 and iPhone 14 Pro models are rumored to be available in a refreshed range of color options, including an all-new purple color. Most expectations about the iPhone 14 lineup's color options come from an unverified post on Chinese social media site Weibo earlier this year. Overall, the iPhone 14 and iPhone 14 Pro's selection of color options could look fairly similar to those of the ...
iOS 16 battery percentage

Apple Limiting iOS 16 Beta 5 Battery Percentage Display to Select iPhones: Here Are the Supported Devices

Tuesday August 9, 2022 2:51 am PDT by
Apple this week brought back one of the most highly requested features from iOS users since the launch of the iPhone X in 2017: the ability to see your battery percentage directly in the status bar. Ever since the launch of the iPhone X with the notch, Apple has not allowed users to show their battery percentage directly in the status bar, forcing them to swipe down into Control Center to...
ios 16 battery indicator 2

Everything New in iOS 16 Beta 5: Battery Percentage in Status Bar, Find My Changes and More

Monday August 8, 2022 12:53 pm PDT by
Apple today seeded the fifth beta of iOS 16 to developers for testing purposes, introducing some small but notable changes to the iOS operating system. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up everything new in the fifth beta below. Battery Percentage in Status Bar The battery icon in the status bar now displays the exact battery percent, a feature that ...
iphone 14 pro max camera bump compared lipilipsi 16 9

Bigger iPhone 14 Pro Max Camera Bump Shown Alongside iPhone 13 Pro Max

Monday August 8, 2022 4:33 am PDT by
The camera bump on the upcoming iPhone 14 Pro Max is expected to be the largest rear lens housing Apple has ever installed on its flagship smartphones, and a new photo offers a rare glimpse at just how prominent it is compared to Apple's predecessor device. iPhone 14 Pro Max dummy (left) vs iPhone 13 Pro Max All iPhone 14 models are expected to see upgrades to the Ultra Wide camera on the...
cook sept 2020 event

Gurman: Apple Preparing Pre-Recorded iPhone 14 and Apple Watch Series 8 Event

Sunday August 7, 2022 6:13 am PDT by
Apple has "started to record" its virtual September event, where it's expected to announce the upcoming iPhone 14 lineup, the Apple Watch Series 8, and a new "rugged" Apple Watch model, according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, Gurman says the event, which is expected to take place in the early part of September, is already under production, implying...
airpods pro black background

Beyond iPhone 14: Five Apple Products Expected to Launch Later This Year

Monday August 8, 2022 9:43 am PDT by
While the iPhone 14 and Apple Watch Series 8 are expected to be announced in September as usual, there are several more Apple products rumored to launch later this year, including new iPad and Mac models and more. Beyond the iPhone and Apple Watch, we've put together a list of five Apple products that are most likely to be unveiled by the end of 2022. Second-Generation AirPods Pro Apple...