Dropbox Forces Some Users to Reset Passwords; Cites Leaked Credential Cache

Dropbox Forces Some Users to Reset Passwords; Cites Leaked Credential Cache
Highlights
  • Users registered before mid-2012 will be asked to reset their passwords
  • Those who haven't changed their password since then will also be asked
  • This is due to a hacked file obtained by its intelligence team

Dropbox has sent out password resets to all of its users that have signed up for the service prior to mid-2012, or not changed their password since that time. The company asserts that no accounts have been hacked, and the reset is being done as "purely a preventative measure".

The cloud storage company elaborates that measure is being taken after its intelligence team obtained an old set of Dropbox credentials (email addresses as well as hashed and salted passwords that may have been leaked in an 'incident' in 2012, referring to the massive Linkedin hack that year. The usernames and passwords stolen in the Linkedin hack, were used to sign in to many Dropbox accounts as well at that time. This obtained file also links back to the LinkedIn hack, and Dropbox is taking preventive measures to stop it from reoccurring. This file was held quietly for many years, but as it surfaced again, Dropbox wants all of its old users to reset their passwords.

Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time. Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in.

If you are a Dropbox user, we recommend you to change your password anyway, even if you've registered for the service post 2012. Users who joined Dropbox before mid-2012, or who haven't changed their password since then, will get a password reset prompt automatically when they next sign in. Just follow the steps to change password, and ensure that you have strong password for added security (Dropbox has a password strength meter, use a mix of letters, numerals, and symbols). For users who haven't received a prompt, head to this page, enter registered email ID, and click the link that you receive in email to enter your new password.

Dropbox even asks users to enable two-step verification for added security. In order to enable this, sign-in to Dropbox, and head to Settings > Security > Enable Two-Step Verification. This will add OTP as an added process every time you log-in. In 2014, Dropbox faced its first massive leak. An anonymous hacker got hold of roughly 7 million usernames and passwords and posted them all on PasteBin. However, Dropbox refused to acknowledge the leak, and claimed that the usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Huawei Flagship Smartphones to Come With Truecaller Preloaded From September
Uber Said to Lose at Least $1.2 Billion in First Half of 2016

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com