68 Million Stolen Dropbox Customer Credentials Leaked 4 Years After Theft.
The usernames, email addresses and hashed passwords of an astonishing 68 million customers, stolen in a hack back in 2012, have resurfaced in a recent leak.
The leak of this vast number of customer credentials was discovered when security notification service Leakbase picked up the database and sent it to technology website ‘Motherboard’.
Back in July 2012, Dropbox, which then had approximately 100 million customers, was informed that some of their customers were receiving email at email addresses that were only used for Dropbox.
Dropbox then notified users who had not changed their password that year. At the time of the theft, Dropbox were also known to be practising good user data security procedures and were even upgrading their password hashing from SHA1 to the more secure bcrypt.
With this leak of Dropbox customer credentials some 4 years later, we now know that the credentials for over two-thirds of Dropbox user accounts had in fact been stolen.
Following the leak of the 68 million credentials, Dropbox are reported to have stuck with the position that password reuse, and not any breach of its network, was to blame for the original theft.
Some security commentators, however, have been publicly sceptical of this claim, stating that it is unlikely that the full number of leaked credentials could have been pieced together from other sources. Another explanation that sceptics have put forward is that the data could possibly have been taken from a log on the Dropbox system.
No Danger at the Moment.
It is believed that, despite this recent data dump, current Dropbox customers are not in any immediate danger because of the very secure bcrypt hashing and because of the actions Dropbox took at the time and have taken since the original hack took place.
What Does This Mean For Your Company?
This latest leak, its scale, and the fact that Dropbox were using good security practices at the time show how essential it is in 2016 that there is tight security at both the user end and the data-storing business end. Your online customers, for example, ideally need very strong passwords, two-step authentication, and no re-use of passwords to feel and be more secure.