A Dropbox hack from 2012 exposed more than 68 million users' email addresses and passwords, new data reveals.
The cloud storage firm reported that the email addresses had been stolen at the time of the attack, but more details recently came to light when Motherboard obtained files containing email addresses and hashed passwords from security notification service Leakbase.
"There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing," independent security researcher Troy Hunt said in a blog post. He called the hashing algorithm that protected the passwords very resilient and said "all but the worst possible password choices are going to remain secure even with the breach now out in the public."
He verified the hack by finding his wife's password among the data, the BBC reported.
Last week, Dropbox notified its customers, encouraging those who haven't changed their passwords since 2012 to do so and to enable the company's two-step verification.
"We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed," Patrick Heim, head of Trust and Security for Dropbox, said in a blog post.
The hack occurred when a Dropbox employee reused a password previously used on LinkedIn, which itself suffered a security breach, The Guardian reported. Hackers entered Dropbox’s corporate network and gained access to the user database with passwords that were encrypted and “salted” with random additional characters inserted during encryption.
Users also are being encouraged to check other accounts for which they may have reused their Dropbox passwords.
Twitter users shared warnings about the hack.