It seems a regular occurrence that an online service provider is hacked and its user data either made public or at least obtained by those performing the hack. Dropbox, the popular cloud storage solution, is the latest to be reported, with details of over 60 million user accounts found online. The data includes Dropbox account passwords, although not in their original form: known algorithms are used to alter the passwords when they are stored.
Dropbox is reporting that the issue relates to a security breach in 2012 which it disclosed at the time, and says that it has forced a password reset on accounts that haven’t had a password change since then. It hasn’t disclosed how many accounts have had an enforced password reset though. Dropbox has changed the password storage protocols it uses a number of times since the 2012 breach in an attempt to improve the security of user data. The compromised data hasn’t yet been reported as being available on known marketplaces, but of course that doesn’t guarantee that it won’t be used maliciously. This Dropbox issue also follows security breaches of a similar scale on Twitter and LinkedIn accounts earlier in 2016.
As a user, it’s easy to consider only the account that has potentially been compromised. But regardless of whether or not you store private and important information in Dropbox, it’s not unusual for users to use the same password across a number of services, so a compromised password for one service or account could grant open access to a number of others. It’s common for hackers to try using the same password to log into other services, so they may be able to access much more than you initially realize.
Password manager apps on Android such as LastPass and 1Password can be used to generate unique passwords, check for duplicates, and store all your passwords as well as other private data. They use complex encryption to reduce the risk of a security breach. Two-factor authentication is another great security solution to enable where it is available, such as on your Google or Dropbox account, to ensure that more than just a password is needed for access.