When Did It Happen? The Dropbox Hack
Back in 2012, Dropbox disclosed that a hacker had accessed its internal systems and accessed a list of user email accounts. It didn’t say the list included passwords.
Now Motherboard, security expert Troy Hunt, and online leak-tracker LeakedSource have each reported they reviewed stockpiles of account information from Dropbox. The account information includes emails as well as passwords, which are encrypted.
Dropbox head of trust Patrick Heim confirmed in a statement that the usernames and passwords were from mid-2012. The company said all customers who haven’t updated their passwords since that time period have been required to change their passwords.
“We can confirm that the scope of the password reset we completed last week did protect all impacted users,” Heim said.
Heim also reminded users that they should think about whether they reused their Dropbox passwords in other accounts.
“While Dropbox accounts are protected, affected users who may have reused their password on other sites should take steps to protect themselves on those sites,” Heim said in a statement.
The good part is that the leaked passwords of the file-sharing service have been scrambled by encryption algorithms, which means it will require a fair amount of guesswork from a hacker to use these stolen passwords to log in to an account. Dropbox has stated that no accounts have been improperly accessed and that the password reset has covered all affected accounts.
However, in theory, a hacker might get lucky when processing the hashed data and could access your compromised account. The term ‘hashing’ refers to a mathematical function that turns a string of characters, such as a password, into a separate, jumbled sequence of characters. Any minuscule change in the hashed data leads to a big change in the resulting jumble.
Hackers use free tools such as Hashcat to turn well-known passwords into hashes. If any such hashes match the Dropbox data, a hacker would be able to figure out the sequence of characters used to derive that hash, which is the unencrypted Dropbox password. This, combined with the stolen matching email addresses, could allow a hacker to log in to your account. However, even at this point, Dropbox users with two-factor authentication turned on would put another obstacle in front of the hacker.
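The sketch below is an added example, not part of the original article, showing the two properties just described from a defender's side: a tiny input change flips about half the hash bits, and an audit for well-known passwords costs one shared table against unsalted hashes but per-user, per-guess work against salted, slow ones. The user names, password list, unsalted SHA-256 and PBKDF2 settings are all constructed assumptions; the article does not say which algorithm Dropbox used.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "well-known passwords" list (not from any leak).
COMMON = ["123456", "password", "qwerty", "letmein"]
ROUNDS = 50_000  # assumed PBKDF2 work factor, chosen only for this demo

def fast_hash(pw: str) -> str:
    """Unsalted SHA-256: the same password always gives the same hash."""
    return hashlib.sha256(pw.encode()).hexdigest()

def salted_hash(pw: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 with a per-user salt and many rounds."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ROUNDS)

def bits_changed(a: str, b: str) -> int:
    """Number of output bits (of 256) that differ between two hashed inputs."""
    return bin(int(fast_hash(a), 16) ^ int(fast_hash(b), 16)).count("1")

def audit_unsalted(stored: dict) -> tuple:
    """Flag weak accounts with one precomputed table: len(COMMON) hashes total."""
    table = {fast_hash(p) for p in COMMON}
    return sorted(u for u, h in stored.items() if h in table), len(COMMON)

def audit_salted(stored: dict) -> tuple:
    """No shared table is possible: every guess is recomputed for every user."""
    flagged, work = [], 0
    for user, (salt, digest) in stored.items():
        for guess in COMMON:
            work += ROUNDS  # count hash iterations spent on this guess
            if hmac.compare_digest(salted_hash(guess, salt), digest):
                flagged.append(user)
                break
    return sorted(flagged), work

def make_demo_stores() -> tuple:
    """Build constructed user tables under both storage schemes."""
    users = {"alice": "password", "bob": "x9!Lr#2vQe-t", "carol": "password"}
    plain = {u: fast_hash(p) for u, p in users.items()}
    salted = {}
    for u, p in users.items():
        salt = os.urandom(16)
        salted[u] = (salt, salted_hash(p, salt))
    return plain, salted

if __name__ == "__main__":
    plain, salted = make_demo_stores()
    print("bits changed:", bits_changed("password1", "password2"))
    print("unsalted audit:", audit_unsalted(plain))
    print("salted audit:", audit_salted(salted))
```

Both audits flag the same two accounts, but the salted store needs 400,000 hash iterations for three users where the unsalted store needs four hashes in total, and the two users who share a password no longer share a stored value.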
It would be wise to secure your account as soon as possible, if you haven’t already. Safeguarding your personal information is always worth the trouble.