2012 Dropbox hack could affect 68 million users today


You might use Dropbox for business or pleasure. It’s a very handy service for storing documents in the cloud that you can then easily share with friends or work colleagues. For the most part (unless you upgrade), it’s entirely free.

I’m not unusual myself in using the free service for sharing documents and files that are very much not sensitive or private. For instance, I use it with my family to share snaps and for work purposes to share texts. I don’t use it for sensitive financial documents and the like.

Dropbox was hacked back in 2012, and the company said then that email addresses had been stolen in that attack. According to reports, it has now come to light that passwords were taken too.

It’s impossible to know what the risks are here and how much you need to worry. It’s another reminder that if you’re using the same password across sites, it is a good idea to make some variations. Needless to say that’s a pain in the proverbial.

A Dropbox spokesperson said: “There is no indication that Dropbox user accounts have been improperly accessed. Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012. We can confirm that the scope of the password reset we completed last week did protect all impacted users.”

It may be, perhaps, related. But I received an email today from Spotify saying: “To protect your Spotify account, we’ve reset your password. This is because we believe it may have been compromised during a leak on another service with which you use the same password.” I suspect this email refers to the Dropbox problem. Who knows? I’ve changed my passwords on both Spotify and Dropbox as a result though.

And I’ll still modulate the shields, as they say on Star Trek. I guess like most people I do use the same passwords on websites and the like. It looks like we should all be a whole lot more creative and variable when it comes to passwords. What a pain.

7 Responses

  1. I use LastPass to manage all my passwords – I just have one password to remember then and all my account passwords are unique randomly generated strings available to me from any device.

    Some techies have shared another technique – they use a unique string and combine it with the service name. I feel LastPass is more secure.

