Dropbox Has Verified That 68 Million User Credentials Have Been Exposed
Dropbox has announced via their blog that 68 million user email addresses with hashed and salted passwords have been exposed. Dropbox has verified that the information is indeed legitimate. As a result, they have proactively completed a password reset for anyone who hadn’t updated their password since mid-2012. They’re contacting account owners via email and the next time they login, they will be prompted to update their passwords.
Legitimate Dropbox Email
The credentials that have been affected were from a data breach the company suffered in 2012. So if you have signed up for a Dropbox prior to mid-2012 you may be affected.
The Best Defense Against Data Breaches Is Diligence and Proactive Protection
While data breaches aren’t easily preventable on your part, there are actions that you can take in the event of a data breach to help yourself stay protected. If you feel that you have been impacted in this data breach, here are a few steps you can take to protect yourself further:
- Single, complex passwords can be difficult to remember, let alone multiple ones. A good amount of users tend to use the same password across multiple sites. As a result, data obtained from one website breach will be used across other websites, in hopes of email and password reuse, granting the criminal access to additional accounts. If you do this practice, change your passwords on any sites that use the same email and password combination immediately. Be sure that each password is unique to each site.
- Enable two-step verification. Even if a website or app has strong security controls, your online accounts can become vulnerable to attack if you reuse passwords or have weak passwords. That’s why Dropbox and Norton strongly recommend turning on two-step verification for Dropbox and other sites that support it.
- Since passwords are a bit tricky to manage, Norton can help. You can learn more about safe passwords and password managers and keep them secure via Norton’s Identity Safe for free.
- If you're unsure if you have been affected by this breach, or any other data breach, you can sign up for haveibeenpwned.com, which will notify you by email if any of your usernames and emails have been exposed in a data breach.
Even if you haven’t been affected by this particular incident, the aforementioned tips are also a great way to get proactive about your own cyber protection. Think of it like insurance- you don’t wait for something to happen and then get insurance, you already have it in place just in case.