Back in 2012 Dropbox suffered a hack where the usernames, email addresses and encrypted passwords of 68 million customers were stolen. Now those stolen details have re-surfaced after security notification service Leakbase picked up the database and sent it to technology website ‘Motherboard’.
Hacked 4 Years Ago.
As an IT Support Company in Hertfordshire we know how popular Dropbox is among businesses and we can remember when news of the hack was reported. It doesn’t seem like 4 years ago but it was actually back in July 2012 when Dropbox started to get word from customers that they were suddenly receiving email at email addresses that were only used for Dropbox.
This alerted the company to the fact that a hack had taken place although Dropbox said at the time that usernames and passwords had been stolen from other websites and used to sign in to a small number of Dropbox accounts. The company also admitted however that in addition to taking customer details, the hackers had also stolen a Dropbox employee's credentials, and then used them to access a project document with user email addresses.
Dropbox then notified users who had not changed their password that year. At the time of the theft, Dropbox were also known to be practising good user data security procedures and were even upgrading their password hashing from the SHA1 standard to the more secure bcrypt standard.
With this leak of Dropbox customer credentials some 4 years later we now know that over two-thirds of Dropbox user accounts had in fact been stolen.
Password Reuse Blamed.
As an IT Support Company in Hertfordshire we know how security concerns around passwords in recent years have led to a drive for the introduction of more secure means of verification and authentication such as biometrics. Back when the Dropbox customer credentials were stolen, blame for the theft was put on password reuse rather than a network breach.
Some security commentators, however, have been publicly sceptical of this claim stating that it is unlikely that the full amount of leaked credentials could have been pieced together from other sources. Another explanation that sceptics have put forward is that the data could possibly have been taken from a log on the Dropbox system.
No Danger at the Moment.
It is believed that, despite this recent data dump, current Dropbox customers are not in any immediate danger because of the very secure bcrypt password hashing and because of the actions Dropbox took at the time and have taken since the original hack took place.
What Does This Mean For Your Business?
This latest leak, its scale, and the fact that Dropbox were using good security practices at the time show how essential it is in 2016 that there is tight security at both the user end and the data-storing business end. Your online customers, for example, ideally need very strong passwords, two-step authentication, and no re-use of passwords to feel and be more secure.
If you’re storing user password data it may help to use a good and trusted password manager as well as being able to offer up-to-date and very secure encryption. With GDPR on the way in 2018 now would be a good time anyway to make sure that your company data is collected, stored and used in a way that will be totally compliant as well as very secure.