The security breach in 2012 was admitted by the Dropbox team last week, when they asked users to change their passwords. The proportions of the hack, however, are bigger than anticipated. The number of stolen records is close 68 million, going by information provided by LeakedSource.
Dropbox Hack – More Details
The file hosting service Dropbox was hacked in 2012, stealing email data and passwords from users. The stolen passwords were either hashed with the bcrypt or SHA1 algorithms. This explains why the Dropbox team asked users to change their password if they haven’t done so since 2012.
The Value of the Data
According to a Softpedia correspondence with LeakedSource
“For the most part until we (or someone else) figures out how they [the passwords] were hashed, the database is useless other than knowing who registered for Dropbox for [sending]spam emails,”
The group is famous for leaking big data breaches. LeakedSource has reported big data breaches like the Epic Games Forum hack, the VerticalScope breach, and many more. The group claims to obtain all it’s information by legitimate means, but their operation looks a bit shady.
The Data Breach Game – Rip ‘N Run
Data breaches are like dominos. If one site falls, it’s easy to use the gathered information to push down another. Since people often use one email for multiple accounts, if one of those accounts gets breached, the crooks can cross check other data dump containing the same email. That way, other accounts can be triangulated and breached.
The information of the Dropbox hack is not that useful to crooks since it’s hashed, but the fact remains; 68 million accounts were breached. That’s a pretty big chunk of the 500 million users that the service boasts, or around 13% of their entire customer base worldwide. Let’s hope that they’ll be able to protect their customers in the future.