Menu
The Dropbox data breach is a warning to update passwords

The Dropbox data breach is a warning to update passwords

Stolen Dropbox data on 68 million user accounts has begun leaking on the internet

Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts.

On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet.

In a notice to users, Spotify said their credentials may have been compromised in a leak involving another service, if they used the same password for both.

“Spotify has not experienced a security breach and our user records are secure,” the company said in an email. The password reset is merely a precaution, it said.

There’s plenty of reason for Spotify to be cautious. Stolen Dropbox data, including user email addresses and hashed passwords probably taken from 2012, has begun circulating on the Internet.

Three sites that compile stolen accounts from data breaches were supplied copies of the stolen information and said it affects 68 million Dropbox users.

In addition, browser provider Opera said last week that its users’ data may have been compromised in a separate hack. That breach targeted Opera’s sync system, which stores passwords for sites that users visit, and 1.7 million users may have be affected.

Both Dropbox and Opera have already issued password resets. However, the affected passwords may also have been used for other Internet accounts. That could still give hackers a launching pad to attack users.

Fortunately, the stolen passwords from Dropbox and Opera were hashed, meaning they have to be cracked in order to be read.

That doesn’t mean hackers won't try. LeakBase, a repository for data breaches, obtained a copy of the Dropbox database and is trying to crack the passwords, which were secured using a hashing function called bcrypt.

“We are working on those, however it is taking a while,” LeakBase said in a message on Twitter.

Hackers may have tried to do the same. Dropbox says the data was probably stolen four years ago and the theft is only now becoming widely known.only now is becoming widely known.

However, bcrypt hashes are “exceptionally” difficult to crack due to the time and effort needed, said Troy Hunt, the creator of Have I been pwned?, another website that tracks data breaches. Only poorly chosen passwords that can be easily guessed are at risk, he said.

Even without the passwords, the stolen email addresses can be quite useful for hackers to attack other affiliated Internet accounts, said Adam Levin, chairman of security firm IDT911.

“All of this information becomes tiny breadcrumbs that hackers can use to guess passwords and answer security questions,” he said in an email.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments