Last Friday, Dropbox announced that users who had not changed their Dropbox passwords since mid-2012 will need to reset their passwords, an action believed to have been related to the massive hack on LinkedIn in 2012 where credentials for 117 million accounts were posted online. While the company did not publish an exact figure on the number of resets, it has now been revealed that over 60 million Dropbox accounts were hacked during the breach.
The folks over at Motherboard have obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total around 5GB and contain details on 68,680,741 accounts. A senior Dropbox employee has also confirmed that the data is indeed legitimate, adding that these 60 million user accounts are related to the same data breach incident.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
A spokesperson for Dropbox has, however, stated that no evidence of malicious access to these accounts has been found.
This would be a good time to change your password, and check your security settings to unlink any old devices and apps still registered with access to your Dropbox. Also, enable two-step security to further protect your account.
Update: Dropbox has updated their previous blog post to state 68 million user credentials from 2012 were compromised:
Since our original post, there have been many reports about the exposure of 68 million Dropbox credentials from 2012. The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed. We’re very sorry this happened and would like to clear up what’s going on.