Short Bytes: The long-rumored Dropbox data breach has now been confirmed by the company. This hack has affected more than 68 million user accounts. To mitigate any danger, Dropbox is now forcing a password reset while visiting the website. Thankfully, the Dropbox data dump hasn’t appeared on any major dark web marketplace.
Recently, Dropbox notified its users after its security experts found this batch of Dropbox account credentials. This hack is coming into the limelight as the company is now forcing a password reset.
Here’s what the password reset message says:
This set of 5GB files was obtained by Motherboard through the breach notification service Leakbase. The database includes email addresses and hashed passwords of the users.
Confirming the hack, Patrick Heim, Head of Trust and Security for Dropbox, says that the proactive password reset process was completed last week, covering all the impacted users.
“We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
— Heim says.
Out of the 68 million, nearly 32 million passwords are secured by the strong hashing function bcrypt. The rest data is hashed with SHA-1 hashing algorithm. Motherboard writes that these hashes are also believed to be using a salt, that’s a random string to strengthen password security.
According to a spokesperson, Dropbox has found no trace of any account being accessed illegally. The Dropbox dump also hasn’t appeared on any major dark web marketplace.
fossBytes advises its readers to change their Dropbox passwords immediately. Also, developing a habit of choosing strong passwords and changing them from time to time is something that everybody should develop.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.