Dropbox Says 68 Million Usernames and Passwords Stolen in 2012 Hack
01 September 2016 - 11:40AM
Dow Jones News
Dropbox Inc. is forcing some users to reset passwords after
discovering that 68 million usernames and passwords were stolen
from the online-storage site during a 2012 hack.
The company began resetting user passwords last week after
learning people outside the company had obtained files containing
the credentials, a company spokeswoman said. All users who haven't
reset their passwords since mid-2012 are being required to reset
their passwords.
Dropbox had previously disclosed that it had been compromised in
2012, but the company underestimated the impact of the incident. On
Wednesday, the company said it was unaware of the full extent of
the hack until the files surfaced.
The stolen passwords were obscured via a cryptographic technique
that makes them difficult to decipher, but simple passwords could
be at risk from password cracking software.
Users' email addresses are linked to the passwords, so hackers
could test the passwords on other services. This is a common
technique that has kept security experts at internet companies busy
this year protecting their password-reusing customers.
"If you signed up for Dropbox before mid-2012 and reused your
password elsewhere, you should change it on those services," the
company said in a Wednesday blog post.
On its blog, Dropbox said it had "no indication that Dropbox
user accounts have been improperly accessed," following the
incident.
The Dropbox database was obtained on Tuesday by the online
publication Motherboard.
The incident echoes a similar breach at LinkedIn Corp., which in
2012 was hacked and it also underestimated the extent of its
breach. Earlier this year, hackers began selling access to a
database of more than 100 million LinkedIn credentials and the
company was forced to reset passwords that had been compromised
four years earlier.
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
August 31, 2016 21:25 ET (01:25 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Linkedin Corp. Class A (NYSE:LNKD)
Historical Stock Chart
From Apr 2024 to May 2024
Linkedin Corp. Class A (NYSE:LNKD)
Historical Stock Chart
From May 2023 to May 2024