If you were recently required to change your password when logging into your Dropbox account, you can thank a 2012 data breach that exposed the login information of over 68 million Dropbox users.
Dropbox recently notified users of a potential forced password reset after its security team discovered a batch of account credentials believed to have been obtained from a known 2012 data breach. While the initial announcement failed to specify the exact number of impacted users, a report on Tuesday puts the number at well over 68 million.
Motherboard looked through a set of files obtained via its sources in the database trading community, as well as from Leakbase, and found information relating to 68,680,741 accounts. The info included email addresses, along with hashed, or salted, passwords. An anonymous Dropbox employee verified the info was legit.
The cloud storage service made the news last week, when it sent out emails to an unknown – but believed to be large – amount of users, warning them they may be prompted to change their password if they hadn’t done so since mid-2012. At the time, the company said it was a purely preventative measure, and pointed users in the direction of a Help Center webpage for more information.
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” Dropbox’s Head of Trust and Security, Patrick Heim, assured users. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”