Hackers stole 68 million Dropbox accounts and dumped them online

We are looking at yet some other addition to this yr's ongoing list of high-profile data dumps. Dropbox and researchers accept confirmed that hackers have stolen over 68 million account credentials from the deject storage platform.

Softening the blow - non a good thought when information technology comes to user security

Earlier this week, Dropbox users received an e-mail notification warning users of password resets for a number of accounts. The data dump is linked to a 2022 breach. While the visitor did inform its users, it could accept used a more than straightforward tone to push users into taking action. Post-obit e-mail clearly states that information technology's a "preventative measure out," which is definitely not true when data of over 60 million of your users is dumped online. Unless recipients clicked on the added links to learn more, the subject area line "Resetting passwords from mid-2012 and earlier," did very less to alert users.

Dropbox is worried, we go that. Just, owning upwardly to a 4-year quondam information breach and resulting dump would only assistance the company in gaining user trust.

These accounts were stolen during a 2022 breach that was previously disclosed by the company. Dropbox explained that users who have signed upwards to apply Dropbox earlier mid-2012 and those who haven't changed their password since mid-2012 volition be forced to reset their passwords. At the time the email notification was sent out, there was no information about the number of affected users.

68 million Dropbox accounts stolen and dumped online

Now, Motherboard reports that the online Dropbox information dump contains details on 68,680,741 accounts. Weighing at 5GB, these files comprise email addresses and hashed passwords of users and are doing rounds in the database trading communities. "The data is legitimate, according to a senior Dropbox employee who was not authorized to speak on the record."

Dropbox had already confirmed this data breach in 2022, and had notified its users to change their passwords. "Nosotros've confirmed that the proactive countersign reset we completed last week covered all potentially impacted users," Patrick Heim, Head of Trust and Security for Dropbox said. "Nosotros initiated this reset as a precautionary measure and then that the old passwords from prior to mid-2012 can't be used to improperly admission Dropbox accounts. We notwithstanding encourage users to reset passwords on other services if they suspect they may have reused their Dropbox countersign."

Following the mega data dumps of LinkedIn, MySpace, VK.com, and Tumblr, Dropbox data dump is another example where stolen data from years-erstwhile breaches has been dumped online or put up for auction. Researchers have said that Dropbox dump isn't listed on any of the major night web marketplaces, and peradventure doesn't carry much value. Over 32 million of the dumped passwords were secured using a stiff hashing function, while the remainder are hashed with SHA-i.

Those interested can learn more about the used hashes in Troy Hunt's web log post. Y'all tin can besides check if your account details have been leaked online past searching on HaveIBeenPwned.com.

Dropbox published the following security statement, which can be accessed here in full.

Why did Dropbox prompt this password update?

Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an quondam set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2022. Our analysis suggests that the credentials relate to an incident nosotros disclosed around that fourth dimension.

Based on our threat monitoring and the mode we secure passwords, we don't believe that any accounts take been improperly accessed. Still, equally i of many precautions, we're requiring anyone who hasn't changed their countersign since mid-2012 to update it the next time they sign in.

Source: https://wccftech.com/hackers-stole-68m-dropbox-accounts/

Posted by: monroewhithre1978.blogspot.com

Share this post