In 2012, someone hacked file-sharing giant Dropbox. They stole approximately 68 million email addresses and passwords.
Hackers Stole Account Details for Over 60 Million Dropbox Users - Motherboard
Why are we hearing about it now? Because Dropbox sent out an email to its users in late August, trying both to alert them to the hack and to smooth it over.
Problem: Minimizing the Impact of a Data Breach Endangers Users’ Accounts
In the email, Dropbox told users that if their accounts were created in 2012 or earlier, they would need to enter a new password the next time they signed on. This is called a “forced password reset.”
It’s the right thing for Dropbox to do. But the incident itself, and Dropbox’s very belated response, are troubling.
Essentially, Dropbox’s message is that because it “has seen no evidence of malicious access of these accounts” (their words), the hack is not a big deal.
What about when the stolen emails/passwords show up for sale on the Dark Web? On August 31, 2016, that’s exactly what they did.
Hacker Selling 68 Million Stolen Dropbox User Accounts on Dark Web – HackRead.com
Solution: If You Use Dropbox, Change Your Password Now
At this point, even if you’re not sure when you created your Dropbox account, it’s a good idea to change your password. (Or maybe switch to a secure file sharing service.)
To change your Dropbox password, click this link: Forgot Your Password? – Dropbox.com
Or, go to Dropbox.com and click Sign In. You’ll see a “Forgot Password?” link there. Click it and follow the instructions.
(Make sure your new password is strong enough by running it through our Password Strength Tester.)
We’ve said in the past that Dropbox is not built to be secure, and its privacy is in question. Their nonchalant response to a huge hack doesn’t help their reputation OR their users. If you’re one of them, protect yourself. Dropbox apparently isn’t doing it for you!
Questions about Secure File Sharing? Please email us at firstname.lastname@example.org for answers.