UPDATE 8/31: As many as 60 million accounts may have been compromised in the 2012 breach that prompted Dropbox to request that users change their password, Vice News reports this week. A spokesperson told Vice that Dropbox has seen no evidence of malicious access of these accounts.
ORIGINAL STORY:
If you've neglected to change your Dropbox password for some time, now is a good time to update.
Dropbox is requiring users to reset their passwords if they haven't done so since mid-2012. While you're at it, the company also recommends that you consider two-factor authentication.
"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time," reads a blog post from Dropbox.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in."
The mid-2012 breach the company refers to is the huge LinkedIn breach that resulted in around 117 million or so login credentials leaking online earlier this year. While Dropbox doesn't believe that any accounts have been improperly accessed, it's forcing a password reset to ensure that any users potentially affected are safe.
"We're doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We're sorry for the inconvenience," reads Dropbox's blog post.
Dropbox also suggests that its users consider thinking about all the sites they've used over the past few years—easier said than done—and what login credentials they might need to change elsewhere, in case they've been using the same (or similar) email addresses and passwords to authenticate.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
