Wait, how many accounts were affected by a 2012 hack on Dropbox? About 68 million, according to multiple reports.
The legitimacy of the data was verified by Motherboard and vouched for by security expert Troy Hunt.
If you hadn’t changed your password since mid-2012, there’s not much reason to worry: Dropbox forced a password reset on those accounts, so the old password hackers found in the file is no longer of any use. In addition, 32 million of the passwords were found to be strongly hashed using bcrypt, while the rest used the slightly weaker SHA-1 algorithm. The passwords had also been salted, i.e. a random string of characters was appended to each one before hashing to obscure it further.
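The hashing and salting described above, as an added illustration that is not code from Dropbox or from the original article: it stores password records under a fast salted SHA-1 scheme and a slow scheme, verifies either kind, and counts how many digests repeat with and without salts. PBKDF2 from Python's standard library stands in for bcrypt, and the record layout, work factor and sample password are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this demo


def sha1_salted(password, salt):
    # Fast scheme: one SHA-1 pass, salt appended to the password.
    return hashlib.sha1(password.encode() + salt).digest()


def slow_salted(password, salt):
    # Slow scheme: PBKDF2 stands in for bcrypt (assumption, see lead-in).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


SCHEMES = {"sha1": sha1_salted, "slow": slow_salted}


def make_record(password, scheme, salt=None):
    # Fresh random salt per account unless the caller pins one.
    if salt is None:
        salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "digest": SCHEMES[scheme](password, salt)}


def verify(password, record):
    hasher = SCHEMES.get(record["scheme"])
    if hasher is None:  # unknown scheme tag: reject
        return False
    candidate = hasher(password, record["salt"])
    return hmac.compare_digest(candidate, record["digest"])  # constant-time


def repeated_digests(records):
    # How many digest values occur more than once, i.e. groups of accounts
    # a leaked file would reveal as sharing a password.
    counts = Counter(r["digest"] for r in records)
    return sum(1 for n in counts.values() if n > 1)


# Constructed sample: two accounts that happen to use the same password.
SAMPLE_PASSWORD = "correct horse battery"
unsalted = [make_record(SAMPLE_PASSWORD, "sha1", salt=b"") for _ in range(2)]
salted = [make_record(SAMPLE_PASSWORD, "sha1") for _ in range(2)]
mixed = [make_record(SAMPLE_PASSWORD, "sha1"), make_record(SAMPLE_PASSWORD, "slow")]
```

With the empty salt both accounts store the same digest, while per-account salts make the stored values differ. The SHA-1 records still cost only one hash pass per guess, which is why the slow scheme is the stronger of the two.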
However, if you’ve used the same email address and password combination on other services, you’ll want to change those right away. It’s common for hackers to try using credentials from one company breach on other services and accounts.
2016 has not been a good year for online security. Earlier this year, 32 million Twitter passwords were put up for sale on the Deep Web for just $5,807; in May, 117 million LinkedIn account details were available for $2,200, and 45 million users’ credentials were stolen from numerous forums operated by a single company.
If you’re concerned about the safety of your online accounts, now would be a good time to try out a password manager like 1Password and enable two-factor authentication on every service that offers it.
Eileen E. White