

We'd previously detected these attacks and the vast majority of the passwords posted have been. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. Update: Dropbox has sent us the following statement: Dropbox has not been hacked. However, DropBox has already emailed all affected users and completed a password reset process for anyone who had not updated their password since mid-2012, ensuring that hackers can not access your Dropbox accounts even if they crack leaked passwords. EDIT: ARS just posted this: ARS Technica. The best way to protect yourself is to change your passwords for Dropbox and other online accounts, especially if you are using the same password for multiple websites, as well as use a good password manager to create and manage complex passwords for different sites. Moreover, the company previously ensured its affected customers that there is no evidence of any malicious access of their accounts, saying "Based on our threat monitoring and the way we secure passwords, we do not believe that any accounts have been improperly accessed."ĭropbox is one of many " Mega-Breaches" revealed this summer, when hundreds of millions of account credentials from years-old data breaches on famous social network sites, including LinkedIn, MySpace, VK.com and Tumblr, were exposed online. The rest of the account passwords are hashed with the SHA-1 hashing algorithm and also believed to have used a Salt – a random string added to the hashing process to further strengthen passwords to make it harder for hackers to crack them. The good news is that out of 68 Million, around 32 Million passwords are secured using strong hashing function BCrypt, which makes it difficult for hackers to obtain many of users' actual passwords. A selfie - but not one of the stolen ones.
