68 million Dropbox accounts leaked; is your data at risk?

With businesses and individuals turning to the cloud to store and back up their important business information, the security of cloud services is often under close scrutiny by the security industry.

Today, Dropbox has confirmed a breach potentially affecting millions of its users. It’s notified its customers through a series of forced password resets. This announcement did not confirm the number of affected users.

Security breach notification service Leakbase has confirmed that 68 million accounts were affected, with 32 million of those using the strong encryption function, BCrypt. The remainder of accounts were hashed with SHA-1 hashing.

How do I know whether I’ve been affected?

Dropbox has been pro-actively resetting user passwords of those who’re affected. Online checker haveibeenpwned.com will allow you to check whether your email address matches one of those discovered in the data leak.

What should I do next?

If you’re affected, you should reset your password immediately.

Keeping your account secure in 3 easy steps

1. Enable two factor authentication on your Dropbox account.
This creates another layer of security by requiring a second password when you log in from a different device. You can enable two factor authentication in your Dropbox account. You will need to download Google Authenticator (Free, iPhone and Android App stores).

2. Review your connected devices.
Check for any unusual devices connected to your account. If you see any unrecognised devices, terminate their sessions immediately.
Changing your password will not stop any existing devices already connected to your account.

3. Do not re-use your passwords across different services.
As simple as it sounds, keep the password unique, always include an uppercase letter, numbers and symbol. If necessary, follow the above steps on services which used the same password.

Corsaire has 20 years’ experience in security assurance and information security. If you have any questions or concerns regarding your data security, contact an account manager today.

Recent Blog Posts

Meltdown & Spectre 7 weeks on

Posted on Feb 28, 2018 - Written by Barry @ Corsaire - Category: Vulnerabilities

SSL/TLS Cheat Sheet

Posted on Feb 13th, 2018 - Written by Rowena @ Corsaire - Category: SSL/TLS, Guidance

Why do I need to worry about my Cisco ASA? Firewalls are bulletproof right?

Posted on Jan 30th, 2018 - Written by Barry @ Corsaire - Category: Industry News

68 million Dropbox accounts leaked; is your data at risk?

Posted on Sep 2nd, 2016 - Written by Corsaire - Category: Company News

CREST Accredited Penetration Testing

Posted on Jan 19th, 2016 - Written by Corsaire - Category: Company News

The Time (Value) of Information Security

Posted on Sep 7th, 2015 - Written by Corsaire - Category: Company News