In June, we wrote about the largest social media data breaches to date. And now, just a few short months later, there’s a new site that we could add to the list. Dropbox, the popular cloud storage site, has been hacked. Why or by whom, no one knows. But what we do know is that approximately 68 million usernames and passwords — which amounts to roughly two thirds of Dropbox’s entire userbase — were acquired by Motherboard before being independently verified.
The hack itself came to light when Dropbox announced that it had reset the account login information for a huge number of users. In the same announcement, Dropbox revealed that it had learned of an “old” (ca. 2012) batch of user information being leaked. Luckily, even though the email usernames are in plain text, the passwords in the compromised data are all hashed, meaning that they present as just a long string of numbers and letters. Nevertheless, if you used or signed up for Dropbox prior to 2012, it’s probably a good idea to change your password anyway, especially if it’s a password you’ve used for other things (let’s face it, we all do that even if we’re not supposed to).
Dropbox has also advised its users to turn on two-factor authentication, which will either text or email you a code (that you enter in addition to your password) on any login attempt.
If you’re worried that your information might’ve been affected, Have I Been Pwned? has a nifty tool that you can use to check whether or not your email was leaked, not only in this hack, but in the other big ones from recent years.