Dropbox Hacked — More Than 68 Million Account Details Leaked Online
Hackers have obtained credentials for more than 68 million accounts for the online cloud storage platform Dropbox from a known data breach.
Dropbox has confirmed the breach and has already notified its customers of potential forced password resets, though the initial announcement failed to specify the exact number of affected users.
However, in a selection of files obtained through sources in the database trading community and breach notification service Leakbase, Motherboard found around 5GB of files containing details on 68,680,741 accounts, which include email addresses and hashed (and salted) passwords for Dropbox users.
An unnamed Dropbox employee verified the legitimacy of the data.
Out of 68 million, almost 32 million passwords are secured using the strong hashing function "BCrypt," making it difficult for hackers to obtain users' actual passwords, while the rest of the passwords are hashed with the SHA-1 hashing algorithm.
These password hashes are also believed to have used a salt, a random string added to the hashing process to further strengthen passwords and make it more difficult for hackers to crack them.
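The two storage schemes described above sit side by side in one credential table, and the usual defensive response is to re-hash a legacy record with a slow function the next time its owner logs in successfully. The sketch below is an added example, not Dropbox's code: the record layout, the function names and the salt-then-password order are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt.

```python
import hashlib, hmac, os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for the stand-in slow KDF

def legacy_sha1_record(password):
    """Weaker format: a single SHA-1 pass over salt + password."""
    salt = os.urandom(16)
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return {"scheme": "sha1", "salt": salt.hex(), "hash": digest}

def slow_record(password):
    """Stronger format: per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(),
            "iterations": PBKDF2_ITERATIONS, "hash": dk.hex()}

def verify(record, password):
    """Recompute the hash under the record's own scheme, compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    if record["scheme"] == "sha1":
        candidate = hashlib.sha1(salt + password.encode()).hexdigest()
    elif record["scheme"] == "pbkdf2":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                        record["iterations"]).hex()
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, record["hash"])

def login(store, user, password):
    """Verify, then upgrade a legacy or under-strength record while the plaintext is at hand."""
    record = store.get(user)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] != "pbkdf2" or record["iterations"] < PBKDF2_ITERATIONS:
        store[user] = slow_record(password)
    return True

def legacy_accounts(store):
    """Accounts still on salted SHA-1: candidates for a forced reset."""
    return sorted(u for u, r in store.items() if r["scheme"] == "sha1")

def sample_store():
    """Constructed sample data: one legacy account, one already on the slow KDF."""
    return {"alice": legacy_sha1_record("correct horse"),
            "bob": slow_record("battery staple")}
```

Accounts that never log in again keep their SHA-1 record, which is why a forced reset for everything `legacy_accounts` returns is the complementary step.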
"We've confirmed that the proactive password reset we completed last week covered all potentially impacted users," said Patrick Heim, Head of Trust and Security for Dropbox. "We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2016 can't be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password."
Change your passwords for Dropbox as well as other online accounts immediately, especially if you use the same password for multiple websites. Also use a good password manager to create complex passwords for different sites and to remember them. We have listed some of the best password managers that could help you understand the importance of a password manager and choose one according to your requirements.
How to Avoid Cyberattacks?
Employee Education: CYBERSECURITY 101. It's critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails, with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don't open attachments; if you see something, say something; etc.). See the CYBERSECURITY 101 training program below.
Security: Antivirus software is essential for any business to protect against ransomware and other risks. Ensure your security software is up to date to protect against newly identified threats. Keep all business applications patched and updated to minimize vulnerabilities.
Backup and Disaster Recovery: Modern total data protection solutions take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll back your data to a point in time before the corruption occurred. First, you don't need to pay the ransom to get your data back. Second, since you are restoring to a point in time before the ransomware infected your systems, you can be certain everything is clean and the malware can't be triggered again.
Email Security: Use a real cloud-based email security platform with robust, secure, and legally compliant email encryption.
Quarterly Network Security Assessments: Did you know that most security vulnerabilities occur inside a business, behind the firewall? In fact, more than 70% of all cyber security incidents today are the result of INTERNAL security issues that no firewall, anti-virus or malware device could have prevented. Schedule yours now.