- Is that Rosa Parks in random Twitter user’s baby photo? Tuesday 8:24 PM
- Syracuse students say white supremacist manifesto was AirDropped to them Tuesday 7:44 PM
- Florida woman gets prison time for throwing slushie at Matt Gaetz Tuesday 6:28 PM
- Marie Kondo’s online store slammed for selling clutter-worthy products Tuesday 5:34 PM
- People are rallying against toxic masculinity on International Men’s Day Tuesday 4:42 PM
- Reddit wants to stop its pro-Trump forum from outing the alleged whistleblower Tuesday 3:38 PM
- White woman calls cops on man who said he was visiting aunt with his kids Tuesday 3:12 PM
- ‘The Stranded’ is a flawed yet addictive blend of ‘Degrassi’ and ‘Lost’ Tuesday 2:45 PM
- The ‘gonna tell my kids’ meme is revisionist history at its most absurd Tuesday 2:24 PM
- Redditor asks former burglars to give home security tips Tuesday 2:18 PM
- Facebook-Breitbart partnership under fire in wake of new Stephen Miller emails Tuesday 2:00 PM
- John Krasinski under fire after praising the CIA Tuesday 1:46 PM
- Conservatives melt down after Chick-fil-A says it will stop donating to anti-LGBTQ orgs Tuesday 1:33 PM
- ‘Honey Boy’ is an experimental look at channeling trauma Tuesday 1:28 PM
- Disney+ now allows users to resume and restart content Tuesday 11:42 AM
More than 68 million Dropbox account logins have leaked online, but don’t panic just yet.
The email address and password leak, first reported by Motherboard, is due to a targeted attack against users of the cloud storage in 2012. The attack was possible due to users employing the same passwords across multiple websites, some of which were breached, the company said. Dropbox disclosed the breach soon after the attack.
On Friday, Dropbox announced that it was issuing a forced reset of passwords for all users who created their accounts before the middle of 2012 and have not changed their passwords since. The company did not disclose the number of affected accounts.
Dropbox said all passwords were hashed and salted, meaning Dropbox’s system added additional characters to the end of every password it stored so that even if hackers stole the passwords they would be protected.
Dropbox says it does not believe any of the affect accounts have successfully been compromised as a result of the login leak.
Still, the leak serves as yet another reminder of the fragility of passwords as a security tool. A 2015 survey conducted by password manager company Password Boss found that 59 percent of internet users reuse passwords across multiple sites and services, greatly increasing the risks to their data.
To better protect your online data, create a secure password for every site or online service you use, especially those that contain personal information or files. Use a password manager to create strong passwords that cannot easily be cracked. And enable two-factor authentication—which will require anyone who tries to access your account from a device other than your own to enter an additional authentication code sent to you—on any service that offers it. (Dropbox does, as do Facebook, Gmail, and Twitter.)
To find out whether your accounts have already been compromised, enter your email address(es) into the search tool on Leaked Source, which collects leaked databases in an effort to inform users about the security of their accounts.
Contact the author: Andrew Couts, [email protected]
Andrew Couts is the former editor of Layer 8, a section dedicated to the intersection of the Internet and the state—and the gaps in between. Prior to the Daily Dot, Couts served as features editor and features writer for Digital Trends, associate editor of TheWeek.com, and associate editor at Maxim magazine. When he’s not working, Couts can be found hiking with his German shepherds or blasting around on motorcycles.