Earlier this week Dropbox sent out emails to nearly 70 million of it’s users notifying them that their passwords may have been compromised. The file-sharing service confirmed that there was a breach back in 2012, which this revelation is linked to. It had been thought that only emails were initially involved. Unfortunately for the millions of users of Dropbox, that isn’t the case it appears.
The good new is that the passwords, although leaked and being passed around, are encrypted using an algorithm called hashing. Anyone with ill-intent that receives these will have to do some pretty good guess work. Dropbox has recently made a statement about the breach, stating that no accounts have actually been compromised to date and it seems they believe there won’t be any incidents in the future. Although, if in the hands of a person that has too much time and the right skill-set, things could get ugly. There are methods for figuring out the and unscrambling the hashed character sequences. We would suggest checking your Dropbox security settings and making sure the two factor authentication is turned on.
Want to check to see if your password is being circulated around the inter-web? Check here: Have I been Pwnd, a site administered by a Microsoft security executive named, Troy Hunter. He has confirmed, after an analysis of Dropbox’s password cache, that the hack was real.