Hacked: Hacking Finance


68 Million Dropbox User Accounts Breached by Hackers



This article was posted on Wednesday, 08:20, UTC.

Hackers have stolen over 68 million account details from popular cloud storage platform Dropbox, a report has revealed.


The latest entry to the roster of mega-breaches sees the revelation of a massive compromise of Dropbox user accounts. Altogether, over 68 million user account details were compromised, stemming from a 2012 breach. Late last week, Dropbox announced a mandatory password reset for a number of user accounts, specifically those created during or before mid-2012, when the breach occurred. While Dropbox did not reveal the number of accounts facing mandatory resets, the decision to reset passwords was taken out of precaution, Dropbox wrote recently.

The cloud storage provider had stated:

Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.


Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.

However, a report by Motherboard has now revealed that the breach affected a staggeringly large number of users. The publication obtained a number of files containing email addresses and hashed passwords of Dropbox users affected by the breach. Four files, totaling around 5GB, contained details on 68,680,741 Dropbox accounts.

Notably, Motherboard also cites an unnamed senior Dropbox employee as confirming that the data is legitimate.

The data dump also offered some insight into the password hashing algorithms used by Dropbox in 2012. Nearly 32 million passwords were secured using bcrypt, a commonly used and robust password hashing function. As a result, it is highly unlikely that malicious hackers or cybercriminals who obtain the data would be able to recover the affected users’ actual passwords. The rest of the passwords are hashed with the aging SHA-1 algorithm. These hashes were salted, meaning a random string was added to the hashing process to strengthen the stored password.
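An added example, not from the article or from Dropbox: how a credential store holding both kinds of hash described above can check a login and replace a salted SHA-1 record with a slow hash once the password is known to be correct. The record layout and function names are assumptions, Python's standard-library scrypt stands in for bcrypt, and the re-hash-on-login step goes beyond what the article describes.

```python
import hashlib
import hmac
import os

# Assumed record layout (not Dropbox's real schema): "scheme$salt_hex$hash_hex".
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # work factor, tunable upward


def _sha1_salted(password: str, salt: bytes) -> bytes:
    # Legacy scheme: a single fast SHA-1 pass over salt + password.
    return hashlib.sha1(salt + password.encode()).digest()


def _scrypt(password: str, salt: bytes) -> bytes:
    # Slow, memory-hard derivation standing in for bcrypt.
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)


SCHEMES = {"sha1": _sha1_salted, "scrypt": _scrypt}


def make_record(password: str, scheme: str = "scrypt") -> str:
    salt = os.urandom(16)  # fresh random salt per account
    digest = SCHEMES[scheme](password, salt)
    return f"{scheme}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, record: str):
    """Return (ok, record). A correct login on a legacy record returns a
    re-hashed record so the weak hash can be replaced in storage."""
    scheme, salt_hex, hash_hex = record.split("$")
    if scheme not in SCHEMES:
        return False, record
    candidate = SCHEMES[scheme](password, bytes.fromhex(salt_hex))
    ok = hmac.compare_digest(candidate, bytes.fromhex(hash_hex))  # constant-time
    if ok and scheme != "scrypt":
        record = make_record(password, "scrypt")
    return ok, record


if __name__ == "__main__":
    # Constructed sample: two accounts sharing one password, stored the legacy way.
    a = make_record("correct horse", "sha1")
    b = make_record("correct horse", "sha1")
    print(a != b)  # per-account salts make the two stored hashes differ
    ok, upgraded = verify_and_upgrade("correct horse", a)
    print(ok, upgraded.split("$")[0])
```
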

While one hacker told Motherboard that he or she had already gained possession of the data dump, it hasn’t surfaced in major dark web marketplaces, where such dumps are usually found. Fortunately, the bcrypt hashing function adequately secures passwords, diminishing their value in the cybercriminal market.


Samburaj Das


Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

  • user

    AUTHOR Kerouac

    Posted on 3:51 am September 5, 2016.

    Dropbox was already a pitstain on its customers anyhow! Dump that rubbish before it happens again, because they don’t do sh*t to secure/fix sh*t!
