SAN FRANCISCO, Sept. 1 (UPI) — Four years after Dropbox’s 2012 data breach, more than 68 million user accounts have been leaked online — including email addresses and hashed passwords.
Motherboard announced Tuesday that it obtained files containing email addresses and hashed and salted (a type of encryption) passwords for a total of 68,680,741 Dropbox user accounts.
Dropbox, an online cloud storage service, said after the 2012 breach that user’s email addresses were the only data stolen.
Dropbox announced this week that it was forcing some users — those who hadn’t updated their passwords since mid-2012 — to reset their passwords after the breach information became public.
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” the company wrote on its website.
Dropbox’s 2012 incident was the result of hackers obtaining access to an employee’s Dropbox account that included the stolen account information.
The company said it is now working to ensure employees don’t reuse passwords on their corporate accounts.