According to security experts a Dropbox security breach in 2012 has affected more than 68 million account holders.
Last week Dropbox reset all passwords that had remained unchanged since mid-2012 as a “preventative measure”.
Back in 2012 Dropbox had said hacks on “other websites” had affected customers who used their Dropbox password on other sites too.
The details of 68.6 million Dropbox accounts have now emerged on hacker trading sites.
The document has been acquired by a Motherboard reporter who also said it had been verified as genuine by a senior Dropbox employee.
The data is said to include email addresses and hashed passwords.Security researcher Troy Hunt said the hashing algorithm that obscured the passwords was “very resilient to cracking”.
He said: "Frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public."
He said he managed to independently verify the hack by finding the password within the cache.
In a statement to the BBC Dropbox said: "This is not a new security incident."It continued: "Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012."
We can confirm that the scope of the password reset we completed last week did protect all impacted users."Even if these passwords are cracked, the password reset means they can't be used to access Dropbox accounts."
View Internet News Archive