Hackers Stole 68 Million Dropbox Passwords in 2012 Attack

Joseph Cox, reporting for Motherboard:

Hackers have stolen over 60 million account details for online cloud storage platform Dropbox. Although the accounts were stolen during a previously disclosed breach, and Dropbox says it has already forced password resets, it was not known how many users had been affected, and only now is the true extent of the hack coming to light.

Motherboard obtained a selection of files containing email addresses and hashed passwords for the Dropbox users through sources in the database trading community. In all, the four files total in at around 5GB, and contain details on 68,680,741 accounts. The data is legitimate, according to a senior Dropbox employee.

Two things: First, Dropbox is supposedly good at this stuff. If a company that is good at large-scale cloud computing can get hacked and lose 68 million passwords, imagine how hard this stuff is. Second, Dropbox severely underplayed how bad this attack was. That’s shameful.

Wednesday, 31 August 2016