Dropbox recently reset many of its users passwords due to a data breach that took place back in 2012.
However, the scale of that breach has only now become apparent. According to Motherboard, the details for a whopping 68,680,741 accounts were stolen. These details included email address and hashed (protected) passwords.
Because of the date of the breach, the only people who might be affected by this information floating around now are those who haven’t changed their Dropbox password in four years. Hence the big reset.
Security researcher Troy Hunt confirmed that the hacked data was real by checking his wife’s details for the cloud storage service.
Knowing her real Dropbox password, which dated back to 2012, he was able to confirm that the scrambled or hashed version in the hacked data was in fact genuine. Fortunately, he said Dropbox had done a good job of keeping those passwords hard-to-read.
“The bcrypt hashing algorithm protecting it is very resilient to cracking and frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public,” Hunt wrote.
Hunt runs a very useful service called “Have I Been Pwned” that lets people search troves of hacked login data for their own email addresses.
It now has almost all those credentials from the Dropbox breach in there, so search away.
And remember to enable two-factor authentication and to avoid sharing your passwords across multiple services—a Dropbox employee’s own lax practices enabled the theft of all this information in the first place.
More Must-Reads From TIME
- Inside the White House Program to Share America's Secrets
- Meet the 2024 Women of the Year
- East Palestine, One Year After Train Derailment
- The Closers: 18 People Working to End the Racial Wealth Gap
- Long COVID Doesn’t Always Look Like You Think It Does
- Column: The New Antisemitism
- The 13 Best New Books to Read in March
- Want Weekly Recs on What to Watch, Read, and More? Sign Up for Worth Your Time
Contact us at email@example.com