Account Information of 68 Million Dropbox Users Stolen in 2012 Breach


August 31, 2016 | Written By Natalie Rutledge

The account details for more than 68 million Dropbox users have been hacked. While the breach initially occurred in 2012, the full extent of the hack is just now being revealed.

This week, Dropbox found account details related to the earlier breach, and emailed customers asking them to reset their passwords. The reset request was only directed to users who had joined before 2012 and who had not changed their password since. The company did not announce the exact number of resets but said they were taking these measures to be proactive.

“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” the company wrote.

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

Motherboard obtained a selection of the hacked data, which included email addresses and hashed passwords. The files, which a senior Dropbox employee confirmed were legitimate, totaled 5 GB and contained details on 68,980,741 accounts. A Dropbox spokesperson told Motherboard there was no evidence of malicious access to these accounts.

To make accounts safer, Dropbox has changed its password hashing practices since 2012. Nearly 32 million of the passwords that Motherboard tested were secured with bcrypt, which means it is unlikely that hackers could crack the hashes and recover users' real passwords. The others were secured with the aging SHA-1 algorithm, but they were also salted, which makes them more difficult to crack.
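A data set that mixes salted SHA-1 and bcrypt records means the login service has to verify both schemes while older accounts still exist. The sketch below is an added example, not code from the article or from Dropbox: it checks a stored record and, on a correct password, replaces a legacy SHA-1 record with a slow hash. The record format, the salt-then-password layout, and the use of scrypt as a standard-library stand-in for bcrypt are all assumptions.

```python
from __future__ import annotations
import hashlib, hmac, os

# Stand-in for bcrypt (not in the standard library): scrypt is also a
# deliberately slow, salted password hash. Parameters are assumptions.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_legacy_sha1(password: str, salt: bytes) -> str:
    """Legacy record: one fast SHA-1 pass over salt + password (assumed layout)."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def hash_slow(password: str, salt: bytes | None = None) -> str:
    """Current record: slow hash with a fresh random salt unless one is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT).hex()
    return f"scrypt${salt.hex()}${digest}"

def verify_and_upgrade(password: str, record: str) -> tuple[bool, str]:
    """Return (ok, record_to_store). A legacy record is replaced on success."""
    try:
        scheme, salt_hex, _ = record.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False, record              # malformed record: reject, keep as is
    if scheme == "sha1":
        candidate = hash_legacy_sha1(password, salt)
    elif scheme == "scrypt":
        candidate = hash_slow(password, salt)
    else:
        return False, record              # unknown scheme: reject
    if not hmac.compare_digest(candidate, record):  # constant-time comparison
        return False, record
    # Correct password: re-hash legacy entries with the slow scheme and a new salt.
    return True, (hash_slow(password) if scheme == "sha1" else record)

if __name__ == "__main__":
    stored = hash_legacy_sha1("correct horse", os.urandom(16))  # constructed sample
    print(verify_and_upgrade("wrong guess", stored))
    print(verify_and_upgrade("correct horse", stored))
```

Accounts that never log in again keep their legacy record under this approach, which is why a forced reset for long-unchanged passwords, like the one described above, is the complementary step.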

The information contained within this article was accurate as of August 31, 2016.


About Natalie Rutledge

Natalie Rutledge majored in Communications at Mississippi State University. She was in sales for a number of businesses and spent nine years working as a communications advisor to various entities. Natalie can be contacted directly at