{"id":12875,"date":"2016-08-31T11:57:56","date_gmt":"2016-08-31T15:57:56","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=12875"},"modified":"2019-11-15T13:48:58","modified_gmt":"2019-11-15T11:48:58","slug":"dropbox-hack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/dropbox-hack\/12875\/","title":{"rendered":"68M Dropbox passwords stolen \u2014 what you need to know"},"content":{"rendered":"

Earlier this week, my colleague Chris from Threatpost<\/a> penned an article about how Dropbox forced a password reset<\/a> for users who had not changed their passwords since 2012. At the time of his post, Dropbox called the move \u201cpurely a preventative measure.\u201d<\/p>\n

\"68M<\/a><\/p>\n

Back in 2012, Dropbox was the victim of a security breach that caused headaches and spam for users of the service. Four years later, the full extent of the breach is now coming to light after a cache of Dropbox user credentials was discovered online. Last night, Motherboard reported that the databases making their way around the database trading community were real and comprised more than 68 million Dropbox accounts.<\/b><\/p>\n

In the post, Motherboard noted that Dropbox had not seen evidence of malicious account access. Of the 68 million-plus accounts, approximately 32 million are secured with bcrypt<\/a>; the rest are hashed with SHA-1<\/a>.<\/p>\n

What does this mean?<\/h3>\n

According to Motherboard\u2019s report, the Dropbox data dump is not currently listed on the major dark web marketplaces, presumably because when passwords are adequately secured, their value to criminals diminishes. Given that this story is still developing, I suggest keeping tabs on Threatpost; they\u2019ll have rapid coverage should things change.<\/p>\n

What should you do?<\/h3>\n

In the grand scheme of things, this breach is just another one to add to the ever-growing list of data dumps from megasites. It joins LinkedIn<\/a>, MySpace, Tumblr<\/a>, OKCupid<\/a>, and Spotify<\/a> (x2<\/a>), among others. Criminals find value in account credentials, and we know that hackers are gonna hack, so what we need to do as citizens of the digital world is to be smarter about how we secure our digital lives. As with any major breach, we will bang the drum on five essential tips for online security:<\/p>\n

1. Use strong passwords and change them regularly.<\/b> Can we all agree that keeping the same password for four years<\/em> is not a good idea? Beyond that, passwords should both be easy to remember and strong (for an exercise in creating strong passwords, try our password check tool<\/a>).<\/p>\n

\n

Also, for tips on creating secure but memorable passwords, please see http:\/\/t.co\/Q6qWwHUF9v<\/a> #carphonewarehouse<\/a> #Kaspersky<\/a> #securepasswords<\/a><\/p>\n

\u2014 David Emm (@emm_david) August 10, 2015<\/a><\/p><\/blockquote>\n