2012 Dropbox hack could affect 68 million users today

You might use Dropbox for business or pleasure. It’s a very handy service for storing documents in the cloud that you can then easily share with friends or work colleagues. For the most part (unless you upgrade), it’s entirely free.

I’m not unusual myself in using the free service for sharing documents and files that are very much not sensitive or private. For instance, I use it with my family to share snaps and for work purposes to share texts. I don’t use it for sensitive financial documents and the like.

Dropbox was hacked back in 2012, and the company said then that email addresses had been stolen in that attack. According to reports, it has now come to light that passwords were taken too.

It’s impossible to know what the risks are here and how much you need to worry. It’s another reminder that if you’re using the same password across sites, it is a good idea to make some variations. Needless to say that’s a pain in the proverbial.

A Dropbox spokesperson said: “There is no indication that Dropbox user accounts have been improperly accessed. Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all impacted users.”

It may be, perhaps, related. But I received an email today from Spotify saying: “To protect your Spotify account, we’ve reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password.” I suspect this email refers to the Dropbox problem. Who knows? I’ve changed my passwords on both Spotify and Dropbox as a result though.

And I’ll still modulate the shields, as they say on Star Trek. I guess like most people I do use the same passwords on websites and the like. It looks like we should all be a whole lot more creative and variable when it comes to passwords. What a pain.