Skip to main content

A hack from 2012 haunts Dropbox as details emerge on 68 million accounts

Dropbox Notes
aradaphotography/Shutterstock
Last week Dropbox advised users with accounts from around or before 2012 to change their passwords. That’s because a hack around four years ago compromised some 68 million accounts, and it’s only now that the extent of the attack is becoming clear.

Dropbox knew of the original hack, reports Motherboard, but was not aware of the scale. The site said it obtained a 5GB copy of the compromised data that contained email addresses and hashed passwords of more than 68 million accounts. An unnamed “senior Dropbox employee” verified the authenticity of the data.

Recommended Videos

At the same time Troy Hunt, the security pro behind haveibeenpwned.com, backed up these claims. He wrote that this database is not a collection of credentials that just happen to work on Dropbox but rather the result of a very real hack.

Please enable Javascript to view this content

“There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing,” he said, but added that he believed Dropbox were handling the situation very well by force resetting users’ passwords.

Patrick Heim, Dropbox’s head of trust and security, said all potentially affected users have been notified. He stated it was a precautionary measure, but did not specify how many passwords were reset by the company.

It was in a later statement that Dropbox clarified: “We can confirm that based on our intelligence number we have seen is in the 60+ mil range.”

Heim further warned users to change their passwords on other sites if they have reused their Dropbox credentials, and even if they use two-factor verification. The company added that it has seen no evidence of malicious activity on affected accounts.

The passwords that were stolen were hashed to protect them from being revealed to an attacker. However, they were not all hashed equally. Reportedly, 32 million of 68 million passwords were hashed by bcrypt, which is considered quite strong, but the remainder were hashed with SHA-1, which is gradually becoming outdated and easier to crack.

If you’re a Dropbox user that had an account in 2012, you should have received a password reset notification. If not, you may want to change your password anyway to be on the safe side, and certainly change any re-used passwords on other sites.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Google’s new policy tracks all your devices with no opt-out
View of synced tab groups appearing on an iPad.

Google has begun enforcing new tracking rules across connected devices, such as smartphones, consoles, and smart TVs, as BBC reports. The tech giant once called the fingerprint tracking technique "wrong" in 2019, but has since reintroduced it.

Google has commented that other companies broadly use the data, and it started using it on February 16, 2024. However, that may not sound any better since fingerprinting gathers user data about devices' hardware and software, which can then uniquely identify a specific device or user.

Read more
This Lenovo ThinkPad is normally $3,229 — today it’s $1,453
A press photo of the ThinkPad X1 Carbon Gen 11.

If you're on the hunt for a powerful but portable laptop, you may want to consider going for the Lenovo ThinkPad X1 Carbon Gen 11. It's tagged with an estimated value of $3,229 by Lenovo, but it can be yours for $1,453 for huge savings of $1,776. It's rare to see a 55% discount from laptop deals, so you wouldn't want to miss this chance to take advantage of this bargain, but you're going to have to hurry because we're not sure how much time is remaining before this clearance sale ends.

Why you should buy the Lenovo ThinkPad X1 Carbon Gen 11 laptop
The Lenovo ThinkPad X1 Carbon Gen 13 is already out in the market, but that doesn't make the Lenovo ThinkPad X1 Carbon Gen 11 obsolete. In fact, the laptop still provides reliable performance with its 13th-generation Intel Core i7 processor, integrated Intel Iris Xe Graphics, and 32GB of RAM that's necessary for handling intensive applications or creating content, according to our laptop buying guide. The device runs on Windows 11 Pro out of the box for access to the operating system's more advanced features, and it's got a 512GB SSD for ample storage space for your files and apps.

Read more
Meta’s new ‘Llamacon’ event is all about open-source AI
A silhouetted person holds a smartphone displaying the Facebook logo. They are standing in front of a sign showing the Meta logo.

Meta announced on Tuesday that it is launching a new developers conference in April, dubbed "Llamacon," that will focus on “open source AI developments.”

The event is scheduled to take place April 29, 2025 and comes on the heels of "the unprecedented growth and momentum of our open-source Llama collection of models and tools," in an announcement post. The company has not shared any additional details, such as where the conference will take place or how much ticket prices will run, but the company promises to share more details "in the coming weeks."

Read more