Users who have not changed their Dropbox passwords since mid-2012 will need to reset their passwords, starting today. According to TechCrunch, the action is related to continued fallout over the massive hack on LinkedIn in 2012, in which credentials for 117 million accounts were posted online. Dropbox believes that passwords often remain unchanged and are re-used across multiple accounts, leaving entire online identities vulnerable to hacks.
The company has announced in a blog post that, so far, it doesn’t believe that any accounts have been improperly accessed. During the 2012 incident, one Dropbox employee’s account was accessed, along with a project document that contained email addresses. In connection with the existence of that file, Dropbox is now requiring its users to reset any passwords that have remained unchanged.
Here’s what the announcement says:
If you signed up for Dropbox prior to mid-2012 and haven’t changed your password since, you’ll be prompted to update it the next time you sign in. We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We’re sorry for the inconvenience.
If prompted, all you need to do is choose a new and strong password. We provide a password strength meter to help you. If you don’t receive a prompt, you don’t need to do anything. However, for any of you who’ve used your Dropbox password on other sites, we recommend you change it on Dropbox and other services.
It is also strongly recommended that you enable two-step verification, if you haven’t done so already.