nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

If you haven't changed your Dropbox password for 4 years, do so now

Firm says mandatory reset is linked to 2012 LinkedIn mega-breach

By Alexander J Martin, 26 Aug 2016

Dropbox is forcing users to reset passwords that haven’t been changed since mid-2012, when LinkedIn suffered a mega-breach.

An email sent to Dropbox users this morning informed them that the reset was solely a preventative measure, and not as a result of any new breach.

Dropbox said that no accounts have been breached and the reset affects all users regardless of the strength of their passwords.

Back in 2012, Dropbox informed users that their security was in danger following the breach at LinkedIn, after an employee was hacked and the business sent out an awful lot of spam.

Speaking to The Register, Dropbox said the password reset is because of the LinkedIn breach, adding that Dropbox's threat intelligence team only very recently became aware of user credentials being shared in the wild. The company said it is investigating but was unwilling to offer any more information.

Dropbox implements independent security audits and certifications and offers bug bounties of at least $216 for the most trivial bugs, it told El Reg, with no upper limit on bounties paid – although the highest payout to date has been $78,317. In addition, Dropbox has built a password strength estimator called “zxcvbn” and “uses bcrypt to hash your passwords”, as well as offering 2FA for users. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing