Skip to main content

Dropbox hacked in 2012, 68 million accounts circulate online today

Remember how Dropbox asked all those that haven't changed their passwords since 2012 to do so now? Remember how they said they did it for no particular reason, just as a precaution? Turns out, it was much more than that. 

As a matter of fact, back in 2012, more than 68 million accounts were hacked.  

“The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed,” the company’s head of trust Patrick Heim confirmed in a blog post.  “We’re very sorry this happened and would like to clear up what’s going on.” 

So yes, it is out of precaution after all.  A Motherboard reporter got his hands on a 5GB-big document, and verified it by a ‘senior Dropbox employee’, who obviously wanted to stay anonymous. The document contained emails and hashed passwords, but according to security expert Troy Hunt, they aren’t that easy to crack. 

"Frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public," he told the BBC

Writing a blog post on the matter, Hunt said the hack was ‘real’. 

“There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can't fabricate this sort of thing. It confirms the statement from Dropbox themselves, but this is the kind of thing I always like to be sure of.” 

Even if you have changed your password after 2012, it wouldn’t hurt to do it again.  

Image Credit: / Shutterstock   

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.