A Dropbox security breach in 2012 has affected more than 68 million account holders, according to security experts<\/p>\n
Last week, Dropbox reset all passwords that had remained unchanged since mid-2012 “as a preventive measure”.<\/p>\n
In 2012, Dropbox had said hacks on “other websites” had affected customers who used their Dropbox password on other sites too.<\/p>\n
But now what purports to be the details of 68.6 million Dropbox accounts have emerged on hacker trading sites.<\/p>\n
The 5GB document has been acquired by a Motherboard reporter, who also said it had been verified as genuine by a “senior Dropbox employee” speaking on the condition of anonymity.<\/p>\n
The data includes email addresses and hashed passwords.<\/p>\n
But security researcher Troy Hunt, who has also seen the document, said the hashing algorithm that obscured the passwords was “very resilient to cracking”.<\/p>\n
“Frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public,” he said.<\/p>\n
Mr Hunt said he had managed to independently verify the hack by finding the password of his wife within the cache.<\/p>\n
He told BBC News the document contained a “very unique, 20-character, completely random password” used by his wife to login to Dropbox.<\/p>\n
It had been created by a password manager, he said, making the chance of it having been correctly guessed “infinitely small”.<\/p>\n
Mr Hunt wrote his blog: “There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords – you simply can’t fabricate this sort of thing.”<\/p>\n
Security researcher Ken Munro also said the hack appeared to be genuine and to have “taken place in 2012”.<\/p>\n
In a statement sent to the BBC, Dropbox said: “This is not a new security incident.”<\/p>\n
And there was “no indication” Dropbox user accounts had been improperly accessed.<\/p>\n
“Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012,” said the statement.<\/p>\n
“We can confirm that the scope of the password reset we completed last week did protect all impacted users.<\/p>\n
“Even if these passwords are cracked, the password reset means they can’t be used to access Dropbox accounts.”<\/p>\n
Meanwhile, on Tuesday the password management service OneLogin – of which Dropbox is a client – revealed that a user gained access to one of its systems used for log storage and analytics.<\/p>\n
Alvaro Hoyos, chief information security officer at OneLogin, has said that this incident is not connected to the Dropbox hack.<\/p>\n
“We have no indication that OneLogin’s August 2016 incident is connected to any further incidents currently in the news,” Mr Hoyos told the BBC.<\/p>\n
“To reiterate what our recent blog post stated, the impacted system is a standalone system and there are no signs of suspicious activity in any of our other systems.<\/p>\n
“The security of our customers is of the utmost importance and we are carrying out an extensive investigation in partnership with a third-party cybersecurity firm. We are advising impacted customers as soon as any additional information becomes available as a result of the investigation.”<\/p>\n
–<\/p>\n
Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"
A Dropbox security breach in 2012 has affected more than 68 million account holders, according to security experts Last week, Dropbox reset all passwords that had remained unchanged since mid-2012 “as a preventive measure”. In 2012, Dropbox had said hacks on “other websites” had affected customers who used their Dropbox password on other sites too. […]<\/p>\n","protected":false},"author":14,"featured_media":244639,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[106],"tags":[],"class_list":["post-244638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/244638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=244638"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/244638\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/media\/244639"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=244638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=244638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=244638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}