Dropbox breach exposes email and passwords of 68 million users

Back in 2012 Dropbox disclosed that they had suffered a data breach. At the time the extent of the breach wasn’t known. Dropbox discovered in early September 2016 that the data leaked is a list of email addresses with associated hashed and salted passwords affecting over 68 million user accounts.

Hashing is the process of encrypting data, like a password, into a fixed-length string of characters, and salting involves injecting it with random data. All of this helps to ensure that the data can’t be easily decrypted.

What are the implications?

We spoke with Michael McKinnon, security expert and Director of Commercial Services at IT security and risk management firm Sense of Security, about the implications of such a breach. When asked if Dropbox files had been exposed or compromised, Michael said this: “Only Dropbox can really answer that question, and it’s absolutely feasible that that has happened, but there’s no evidence.”

Hackers can quickly and easily target multiple online services and accounts using a single hacked email and password. Michael suggests that if you’re someone who regularly reuses the same password across multiple online accounts, you’ll almost certainly be at risk of becoming a victim, if not in this case, then probably in the future — now is a good time to update all your accounts with a unique password.

When asked about the risk of phishing attempts that could be made on people in the list, Michael warned, “The phishing angle to the Dropbox breach is an absolute reality… you really need to be extra vigilant.”

How do I know if this affects me?

If you are one of the people on the list, you would have received an email from Dropbox asking you to reset your password. Nevertheless, even if you aren’t, you should consider changing it anyway.

If you suspect you may have been compromised at any time you can use a service such as https://breachalarm.com/ to make sure.

How can I protect myself in future?

We have a few good practices for you to implement to better secure yourself in future and help mitigate the effects of a similar data breach:

  • Create a long password using a memorable passphrase.
  • When creating passwords, try to use a mixture of characters, both uppercase and lowercase.
  • Never use the same password twice.
  • Enable two-factor authentication with online services where possible.
  • Don’t store sensitive or confidential data in the cloud, especially if it’s financial or personal identity in nature, unless your data is suitably encrypted and protected.
  • Beware of phishing emails asking you to update your account details — if you suspect you might have received one, don’t click on any links in the email. Instead, go directly to the website or online service in your browser and make updates there.

 You should also have an up-to-date antivirus or internet security solution to protect yourself against intrusions and malicious programs attempting to steal your data. ESET offers Multi-Device Security which protects all your devices for less than a single licence.