Skip to main content

A hack from 2012 haunts Dropbox as details emerge on 68 million accounts

Last week Dropbox advised users with accounts from around or before 2012 to change their passwords. That’s because a hack around four years ago compromised some 68 million accounts, and it’s only now that the extent of the attack is becoming clear.

Dropbox knew of the original hack, reports Motherboard, but was not aware of the scale. The site said it obtained a 5GB copy of the compromised data that contained email addresses and hashed passwords of more than 68 million accounts. An unnamed “senior Dropbox employee” verified the authenticity of the data.

Recommended Videos

At the same time Troy Hunt, the security pro behind haveibeenpwned.com, backed up these claims. He wrote that this database is not a collection of credentials that just happen to work on Dropbox but rather the result of a very real hack.

“There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing,” he said, but added that he believed Dropbox were handling the situation very well by force resetting users’ passwords.

Patrick Heim, Dropbox’s head of trust and security, said all potentially affected users have been notified. He stated it was a precautionary measure, but did not specify how many passwords were reset by the company.

It was in a later statement that Dropbox clarified: “We can confirm that based on our intelligence number we have seen is in the 60+ mil range.”

Heim further warned users to change their passwords on other sites if they have reused their Dropbox credentials, and even if they use two-factor verification. The company added that it has seen no evidence of malicious activity on affected accounts.

The passwords that were stolen were hashed to protect them from being revealed to an attacker. However, they were not all hashed equally. Reportedly, 32 million of 68 million passwords were hashed by bcrypt, which is considered quite strong, but the remainder were hashed with SHA-1, which is gradually becoming outdated and easier to crack.

If you’re a Dropbox user that had an account in 2012, you should have received a password reset notification. If not, you may want to change your password anyway to be on the safe side, and certainly change any re-used passwords on other sites.

Jonathan Keane
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
An elegant Mac app has turned my basic tasks into a whole lot of fun
Who knew switching between apps could be so much easier and elegant?
Employing the Dory app switcher on a MacBook Air

The concept of an app switcher tool is rather odd. After all, why would you need a tool for jumping between apps, when the Command+Tab shortcut works just fine and the three-finger swipe opens the Mission Control on the Mac? Well, there are solutions that work better. 

Second, when you bring the mouse and keyboard combo into the picture, the fluid convenience of the trackpad gesture flies out the window. Over the years, the developer community has produced some real app switcher gems. 

Read more
Upgrade to the Alienware 18 Area-51 gaming laptop with RTX 5070 Ti — $500 off!
The Alienware 18 Area-51 Gaming Laptop on a white background.

You should be ready to spend a lot if you want a powerful gaming laptop, but you should also be on the lookout for potential savings. Now's a great time to check out Alienware deals because of Dell's Black Friday in July sale, which includes a fantastic offer for the Alienware 18 Area-51 gaming laptop. This configuration with the Nvidia GeForce RTX 5070 Ti graphics card is down from $3,300 to $2,800, which is still expensive, but you wouldn't want to miss this chance at $500 in savings. You have to hurry though, as stocks may run out at any moment!

Buy Now

Read more
Save $100 on our pick for the best printer
HP includes full ink bottles with the Smart Tank 7602.

What do we need to print these days? Tax forms, student essays, and clearly-legible letters? Not so much. Bright invites, pictures, and presentation accompaniments? Yes, yes, and yes! In today's world, the typical person's needs in an inkjet printer are far different than the last time you were likely to have bought a printer. And the industry is catching up. Right now, our pick for the overall best printer of 2025 is $100 off as part of early Prime Day deals. That makes the $450 printer just $350 if you buy now. Plus, it comes with two years of HP's ink included. So, tap the button below to go check out the HP Smart Tank 7602 for yourself or keep reading to see what we like about it and what we found out during our review.

BUY NOW

Read more