Emails Exposed in Dropbox Attack

Thursday, September 1, 2016 @ 06:09 PM gHale


Dropbox is a popular tool used across all industries, but it turns out the email addresses and passwords of over 68 million accounts were compromised in a data breach four years ago.

News of the Dropbox breach emerged months after a series of breaches of LinkedIn, Myspace, Tumblr, and VK.

The Dropbox incident took place in July 2012, but no one knew the number of affected users until now.

At the time, Dropbox said it was investigating complaints from users who were receiving spam at email addresses used only for this service, and several security measures were taken to ensure accounts weren’t compromised.

The root cause of this breach, Dropbox revealed at the time, was a stolen employee password: “A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.”

Last week, Dropbox started prompting password resets for the possibly affected users, while also revealing that the move traces back to the 2012 incident. The company also confirmed that “email addresses plus hashed and salted passwords” were stolen during the breach, but said it wasn’t aware of any account being improperly accessed.