Dropbox hack 'affected 68 million users'
Last week, Dropbox reset all passwords that had remained unchanged since mid-2012 "as a preventive measure".
In 2012, Dropbox had said hacks on "other websites" had affected customers who used their Dropbox password on other sites too.
But now what purports to be the details of 68.6 million Dropbox accounts have emerged on hacker trading sites.
The 5GB document has been acquired by a Motherboard reporter, who also said it had been verified as genuine by a "senior Dropbox employee" speaking on the condition of anonymity.
The data includes email addresses and hashed passwords.
But security researcher Troy Hunt, who has also seen the document, said the hashing algorithm that obscured the passwords was "very resilient to cracking".
"Frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public," he said.
Mr Hunt said he had managed to independently verify the hack by finding the password of his wife within the cache.
He told BBC News the document contained a "very unique, 20-character, completely random password" used by his wife to login to Dropbox.
It had been created by a password manager, he said, making the chance of it having been correctly guessed "infinitely small".
Mr Hunt wrote his blog: "There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords - you simply can't fabricate this sort of thing."
Security researcher Ken Munro also said the hack appeared to be genuine and to have "taken place in 2012".
In a statement sent to the BBC, Dropbox said: "This is not a new security incident."
And there was "no indication" Dropbox user accounts had been improperly accessed.
"Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012," said the statement.
"We can confirm that the scope of the password reset we completed last week did protect all impacted users.
"Even if these passwords are cracked, the password reset means they can't be used to access Dropbox accounts."
Meanwhile, on Tuesday the password management service OneLogin - of which Dropbox is a client - revealed that a user gained access to one of its systems used for log storage and analytics.
Alvaro Hoyos, chief information security officer at OneLogin, has said that this incident is not connected to the Dropbox hack.
"We have no indication that OneLogin's August 2016 incident is connected to any further incidents currently in the news," Mr Hoyos told the BBC.
Posted:
Related Forum: PC General Forum
Source: http://www.bbc.co.uk/news/technology-37232635
Related Articles
Comments
MajPosted:
I use dropbox, but not for stuff I'm particularly bothered about. Its so easy to use, that's the only reason I downloaded it haha
SupervisorPosted:
I didn't even know this happened in 2012 lol. However good thing i don't even have an account.
neboPosted:
dah I just set an account up for my sister and this happens. Smh
Who is behind all of this Dropbox company a robot or something?
I mean if you read the article you'd know that it was from a breach in 2012, which they claim wasn't even their fault. Good luck getting that MVC badge dawg
Latest Downloads
- 01. Streets of Rage 4: SaveGame - all characters are open, all alternative moves(1)
- 02. Voices Of The Void: SaveGame (all improvements for work + completed 1 day 2.1b)(0)
- 03. Naruto Clash of Ninja 2 All Characters and Unlocks(0)
- 04. Dark Souls 2 Reskinned Weapons & Most items(0)
- 05. Infinite Stratos 2 - Ignition Hearts(2)
- 06. Silent Hill 2 Remake: SaveGame (ending "Leaving")(1)
- 07. Silent Hill 2 Remake: SaveGame (Step-by-step saves, no deaths, three endings)(4)
- 08. Euro Truck Simulator 2: SaveGame (6.16% Roads, All DLC) [1.51.1.1s](0)
- 09. My Summer Car: SaveGame (Quest: Failed Drift)(0)
- 10. SnowRunner: SaveGame (all trucks are open) [32.1](4)
- 11. [PS4/EU] Hatsune Miku: Project DIVA Future Tone 100% Trophy Save(7)
- 12. Silent Hill 2 Remake: SaveGame (Motel Jacks, NG+)(1)
- 13. Phasmophobia: SaveGame (XX-2000, $594,965,799, 3 apocalypse skulls + bonus)(3)
- 14. Satisfactory: SaveGame (Observation deck)(1)
- 15. [EU] Sniper Elite 5 - Best Of The Best (CUSA16075)(11)
Latest Tutorials
- 01. PS3 HEN - Audio via a USB headset.(351)
- 02. Stumble Guys | Social Butterfly Achievement(215)
- 03. Last Days of Lazarus Achievement Walkthrough (Xbox/PS)(1,487)
- 04. EDENGATE: The Edge of Life - 100% Trophy/Achievement Guide(1,840)
- 05. Sherlock Holmes Chapter One | Walkthrough | No Commentary(1,490)
- 06. Morbid: The Seven Acolytes | Full Game Walkthrough(2,484)
- 07. Adam Wolfe | Full Game Walkthrough | No Commentary(1,607)
- 08. ALFRED HITCHCOCK: VERTIGO - 100% Walkthrough(1,936)
- 09. SHERLOCK HOLMES THE AWAKENED | Walkthrough | No Commentary(1,365)
- 10. Space Roguelike Adventure | Guide - Cheat Code!(1,553)
- 11. DETECTIVE Stella Porta Case | Trophy & Achievement Guide(1,217)
- 12. Tunic 100% Platinum Walkthrough | Trophy & Achievement Guide(1,852)
- 13. Outbreak: The Nightmare Chronicles Achievement Walkthrough(1,490)
- 14. Full Void 100% - Trophy & Achievement Guide(1,467)
- 15. Outbreak: Lost Hope #Xbox Achievement Walkthrough(2,310)
"Dropbox hack 'affected 68 million users'" :: Login/Create an Account :: 11 comments