Dropbox forced password resets for a number of users earlier this week after it discovered that account information of about 68 million users was leaked as a result of the infamous hack it weathered in 2012. The file-sharing company acknowledged the attack back then, but the extent of the attack was unknown.
Motherboard recently got hold of a database of about 5GB containing details of 68,680,741 accounts in total. It verified the authenticity of the data with a senior Dropbox employee. The leaked database contains email addresses along with hashed passwords.
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” the company wrote.
About half of the leaked passwords are secured using strong hashing functions, which must have made them almost impossible for hackers to crack; the other half, however, use the SHA-1 algorithm, which is easily crackable.
It is pretty much impossible that any user accounts were accessed using these stolen passwords, as the leaked database is not easily available on the dark web, where such data is often sold, and Dropbox has also changed its password security measures several times since 2012.
Nonetheless, this leak definitely adds to the list of troubles Dropbox has been having since last year, including growth issues and slow innovation.