Dropbox says 68 million user IDs stolen

September 1, 2016
Dropbox said it learned of the theft of clients' data only two weeks ago after the 68 million user credentials were posted online

Cloud-based data storage company Dropbox said Thursday that user IDs and passwords of some 68 million clients were stolen four years ago and recently leaked onto the internet.

The company said it had no indication that any of its user accounts were improperly entered, and that it had notified the users and made them reset their passwords on the accounts.

The company learned of the theft of the only two weeks ago after the 68 million user credentials were posted online, but indicated it still does not know how or by whom.

"The list of email addresses with hashed and salted passwords is real, however we have no indication that Dropbox user accounts have been improperly accessed. We're very sorry this happened and would like to clear up what's going on," the company said in an emailed statement.

Dropbox believes the credentials were taken in 2012. After learning of the problem, it said, "we then emailed all users we believed were affected and completed a password reset for anyone who hadn't updated their password since mid-2012."

"This reset ensures that even if these are cracked, they can't be used to access Dropbox accounts."

Dropbox warned users that if they had signed up for its services before 2012 and had used the same password elsewhere, they should change that as well to protect the account.

"Also, please be alert to spam or phishing because email addresses were included in the list," it said.

Dropbox early this year reported it had more than 500 million who store and share business files, pictures and video, and all sorts of other data on its cloud servers.

Explore further: LinkedIn confirms 2012 hack exposed 117M user passwords

Related Stories

Amazon orders reset for some customers' passwords

November 25, 2015

Amazon.com has required an undisclosed number of customers to reset passwords to their online accounts after the company said some passwords "may have been improperly stored" on devices.

Password breach spreads beyond LinkedIn

June 7, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network.

Hackers sock smartphone earpiece star Jawbone

February 13, 2013

Jawbone on Wednesday warned users of its earpieces and Jambox speakers that hackers stole names, email addresses and encrypted passwords from accounts used to make the wireless devices smarter.

Recommended for you

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

Nik_2213
not rated yet Sep 01, 2016
So what's been happening to those passwords etc between 2012 and now ??

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.