One of the most widely used cloud storage companies, Dropbox, has been hacked, an attack that resulted in the leak of over 68 million email addresses along with their passwords.
The attack occurred in 2012. When it happened, the firm issued a statement reporting that its users' email addresses had been accessed. The statement did not say that the passwords were taken as well.
The load of passwords only came to light when Leakbase, one of the largest security notification tools, noticed it.
The information did not come only from Leakbase. Troy Hunt, an independent cyber safety researcher who is also the owner of the data leak firm Have I Been Pwned?, confirmed the leak when he disclosed that his and his wife's data had been hacked.
Troy said: “It was obvious that the leaked information also included real Dropbox login details. It is impossible for someone to just come up with this kind of thing.”
Dropbox emailed its users about the need to change their passwords if they had not done so since 2012. At that point in time, the firm had 100 million users. This means the leak of 68 million user accounts represents close to three quarters of its total user base.
During that time, Dropbox had put serious security measures in place. It encrypted passwords and seems to have been trying to upgrade its method of encryption to a more secure one.
The 2012 attack was made possible by an employee who used a password he had also used on LinkedIn, another firm that was hacked earlier. The hackers then got the password from LinkedIn and used it to access Dropbox’s networks.
In response, Dropbox reset many of its user accounts when the attack occurred without reporting how many had been affected.
The hack shows just how much tight security is needed: on the part of users, by using tougher passwords and two-step verification; and on the part of firms, by keeping the information secure.
Password encryption is not enough. Dropbox still suffered the attack despite its encryption.
Most security experts advise the use of password managers to keep the many long and unique passwords that are necessary to stay completely safe on the many online platforms people visit.
But even this proved ineffective when OneLogin, a password manager, got hacked. Even web browser developer Opera suffered an attack once.