You may have heard that Dropbox recently told 68 million users that they needed to change their passwords because of a hack of its database. The hack occurred in 2012, but it was only after years of persistent rumors by Netizens and cybersecurity mavens that Dropbox finally came clean about it. Dropbox completed a forced password reset for 68 million people just last week. Dropbox is merely the latest Web-based startup or organization to have many millions of its customers affected by a single data breach. Motherboard obtained 5GB of files via Leakbase, a data breach notification service. The hacked cache of files includes email addresses and hashed user passwords. Interestingly, almost half (32 million) of the passwords are secured by bcrypt, a strong hashing function; the rest are hashed with SHA-1.
Patrick Heim, Head of Trust and Security for Dropbox, said that the company had successfully completed the password reset process and that all affected users of the popular service were covered. Says Heim, “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
No Illegal Access?
According to a Dropbox spokesperson, the company has found no evidence that any Dropbox account was illegally accessed. Tech news journal FossBytes reports that “The Dropbox dump also hasn’t appeared on any major dark web marketplace,” which sounds suspiciously like damning with faint praise for yet another outfit that has unwittingly exposed millions to an account and data breach, as well as a breach of inherent trust. It was left to a third party (FossBytes) to advise Dropbox users to change their passwords immediately, and to choose strong passwords that are changed “from time to time,” a.k.a. every few months. This is probably a habit everyone should get into for any website containing personal data they can’t afford to have hacked.
The Argument for Better Cloud Security
The Dropbox debacle underlines the need for better cloud storage security, since Dropbox is a cloud storage platform and was one at the time of the 2012 hack of its database. Some may argue that cloud security has advanced significantly in the intervening four years, but has it advanced enough? The company claims that passwords that were reset or accounts that were created after 2012 have no chance of being affected, but how can the Web-buying and online-using public be 100% sure of that? Lightning doesn’t often strike twice, that’s true. But demonstrable patterns of malicious behavior by hackers, combined with a Web-using public that tends to let down its guard, should bring a rallying cry from IT experts and cybersecurity specialists everywhere: “Encrypt, reset, and be ever-vigilant out there.”
Consult an IT Pro About Passwords and Data Encryption
PC Help Services is the leader in providing managed IT services in Indianapolis. Contact our expert IT staff at (317) 585-0500 or send us an email at email@example.com if you have any questions or concerns regarding data encryption, passwords, or protecting your valued data online, and we will be happy to answer any and all your questions.