Hackers Stole 68M Dropbox Accounts… 4 Years Ago

Adam Rowe

Dropbox's biggest hack happened in 2012. Files totaling 5GB with the details of 68,680,741 accounts were found online, and a “senior Dropbox employee” has confirmed that the leak information is legitimate, according to Motherboard.

Dropbox has released a statement about the hack, further clarifying what has happened:

“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.”

Earlier this week, a proactive password reset covered all the accounts affected by the Dropbox hack. However, given that the details have been stolen since 2012, a four-year gap remains in which millions of Dropbox users' data was not as secure as they would have hoped. Side note: Dropbox had 100M total users in 2012.

The Hack Probably Didn't Do Any Damage

There's a silver lining: There's no evidence of foul play tied to the use of the account data, just in the initial hack that stole it. Dropbox, at least, has seen “no evidence of malicious access of these accounts,” according to a spokesperson. Motherboard further explains the reasons why:

“Nearly 32 million of the passwords are secured with the strong hashing function bcrypt, meaning it is unlikely that hackers will be able to obtain many of the users' actual passwords. The rest of the passwords are hashed with what appears to be SHA-1, another, aging algorithm. These hashes seem to have also used a salt; that is, a random string added to the password hashing process to strengthen them.”

Most of the damage dealt out in the Dropbox hack, it seems, was to Dropbox's reputation. They responded as best they could, but their business model as an online cloud storage platform makes them a ready target for over-eager hackers.

This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for the last decade. He's also a Forbes Contributor on the publishing industry (and Digital Book World 2018 award finalist) and has appeared in publications including Popular Mechanics and IDG Connect. When not glued to TechMeme, he loves obsessing over 1970s sci-fi art.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals