Following the report about resetting passwords to keep your files safe, Patrick Heim, Global Head of Trust and Security at Dropbox, commented below.
Patrick Heim, Global Head of Trust and Security at Dropbox:
“Since our original post, there have been many reports about the exposure of 68 million Dropbox credentials from 2012. The list of email addresses with hashed and salted passwords is real; however, we have no indication that Dropbox user accounts have been improperly accessed. We’re very sorry this happened and would like to clear up what’s going on.
“Based on our analysis, the credentials were likely obtained in 2012. We first heard rumours about this list two weeks ago and immediately began our investigation. We then emailed all users we believed were affected and completed a password reset for anyone who hadn’t updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts.
“If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list.
Thanks in advance for any changes you are willing to consider.”