You may have heard that 68 million Dropbox users were recently told by the company that they needed to change their passwords due to a general hack of their database. The hack occurred in 2012, but it was only after years of persistent rumors by Netizens and cybersecurity mavens that Dropbox finally came clean about the hack. Dropbox completed performing a forced password reset for 68 million people just last week. Dropbox is merely the latest Web-based startup or organization that has faced having many millions of their customers affected by a single data breach. 5GB of files were obtained by Motherboard via Leakbase, a data breach notification service. The hacked cache of files includes email addresses and hashed user passwords, but, interestingly, almost half (32 million) of the passwords are secured by bcrypt, a strong hashing function, leaving the rest hashed by the hashing algorithm known as SHA-1.
Head of Trust and Security for Dropbox Patrick Heim told the world that his company had successfully completed the password reset process, and all affected users of his popular service were covered. Says Heim, “We initiated this reset as a precautionary measure, so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
No Illegal Access?
According to a Dropbox spokesperson, the company has found no evidence that any Dropbox account was illegally accessed, although Tech News journal FossBytes reports that, “The Dropbox dump also hasn’t appeared on any major dark web marketplace” which sounds suspiciously like damning with faint praise for yet another outfit that has unwittingly exposed millions to an account and data breach – as well as a breach of inherent trust. Leave it to a third party (FossBytes) to take it upon themselves to advise Dropbox users to change their passwords immediately, and also choose strong passwords that are changed “from time to time,” a.k.a. every few months. This is probably a habit everyone should get into for any website containing personal data they can’t afford to have hacked.
The Argument for Better Cloud Security
The Dropbox debacle underlines the need for better cloud storage security, as that’s what type of platform Dropbox is and was at the time of the hack of their database in 2012. Some may argue that cloud security has advanced significantly in the intervening four years, but – has it advanced enough? The company claims that those passwords that were reset or accounts that were created after 2012 have no chance of being affected, but how can the Web-buying and online-using public be 100% secure in that notion? Lightning doesn’t often strike twice, that’s true. But, there are demonstrable patterns of malicious behavior by hackers, combined with a Web-using public that tends to let down its guard that should bring a rallying cry from IT experts and cybersecurity specialists everywhere: “Encrypt, reset, and be ever-vigilant out there.”
Consult an IT Pro About Passwords and Data Encryption
PC Help Services is the leader in providing managed IT services in Indianapolis. Contact our expert IT staff at (317) 585-0500 or send us an email at firstname.lastname@example.org if you have any questions or concerns regarding data encryption, passwords, or protecting your valued data online, and we will be happy to answer any and all your questions.
My wife called around and the first company to actually answer the phone was PC Help Services, Inc. She scheduled a time for the owner, Jason, to come out to our house; he came out within 48 hours. (In the past, we had taken our computer to a place like Best Buy to get it repaired, but we really don’t like doing that anymore. Even though it costs more for a repairman to come to one’s home, it is worth it for convenience and security.) Jason showed up on time and was very professional. At the advice of the person who scheduled the appt. over the phone, we purchased a new DVD burner from Fry’s ahead of time to save money. When Jason determined that the DVD burner / drive in our computer was indeed inoperable, he began to replace it with the one we had purchased. There was a problem between the computer and the connectors for the new DVD drive. Jason knew of a store from which he could buy a new connector. Within 10 minutes he was back and had spent $5.00 for the connector. He quickly installed the new DVD drive and concluded within 45 minutes, start to finish. Hire PC Help Services, Inc., by all means!”