2012 Dropbox hack could affect 68 million users today
You might use Dropbox for business or pleasure. It’s a very handy service for storing documents in the cloud that you can then easily share with friends or work colleagues. For the most part (unless you upgrade), it’s entirely free.
I’m not unusual myself in using the free service for sharing documents and files that are very much not sensitive or private. For instance, I use it with my family to share snaps and for work purposes to share texts. I don’t use it for sensitive financial documents and the like.
Dropbox was hacked back in 2012 and they said then that email addresses had been stolen in that attack. But according to reports it now comes to light that passwords too were taken.
It’s impossible to know what the risks are here and how much you need to worry. It’s another reminder that if you’re using the same password across sites, it is a good idea to make some variations. Needless to say that’s a pain in the proverbial.
A Dropbox spokesperson said: “There is no indication that Dropbox user accounts have been improperly accessed. Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all impacted users.”
It may be, perhaps, related. But I received an email today from Spotify saying: “To protect your Spotify account, we’ve reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password.” I suspect this email refers to the Dropbox problem. Who knows? I’ve changed my passwords on both Spotify and Dropbox as a result though.
And I’ll still modulate the shields, as they say on Star Trek. I guess like most people I do use the same passwords on websites and the like. It looks like we should all be a whole lot more creative and variable when it comes to passwords. What a pain.
I use LastPass to manage all my passwords – I just have one password to remember then and all my account passwords are unique randomly generated strings available to me from any device.
Some techies have shared another technique – they use a unique string and combine it with the service name. I feel LastPass is more secure.
So what happens if LastPass is hacked and your info stolen?
laspass was hacked, like two weeks ago, when i first got the email my heart sank, because the “what if?” seemed fairly obvious. many bad things.
in fact they do expect to be hacked, people try all the time, the system has been designed from the start with that in mind.
even if a hacker managed to gain complete entry (they cant), the usernames & passwords are on seperate servers, salted & hashed 10,000 times each. even lastpass couldnt tell you your password if they wanted to. a hacker would need ~5000 years to brute force the passwords, assuming they could ever get their hands on them in the first place.
it’d be infintely easier just to wait for you to sign in then physically mug your password at knifepoint.
So did you have to change your lastpass password or any other passwods after this attack from 2 weeks ago?
yeah they made you change the master password, as a precaution (thats the one you log into lastpass with), apparently they werent compromised, but ‘safety first’ etc.
hack wasn’t near where your other-site passwords would be stored.
they notified every & stuff, theres a post on the site if you want more info on it; i found it relatively reassuring and informative, as far as notifiactions that you’ve been hacked goes.
(for some reason it’s wedged between 2 similar incidents from last year)
IMHO, its all about reducing risk. If you are not using LastPass, how are your password security reducing risk?