Menu
The Dropbox data breach is a warning to update passwords

The Dropbox data breach is a warning to update passwords

Stolen Dropbox data on 68 million user accounts has begun leaking on the internet

Recent data breaches underline the need for Internet users to regularly update the passwords for all their Internet accounts.

On Wednesday, Spotify reset the passwords of an unspecified number of users, just a day after data on 68 million accounts from Dropbox began reaching the Internet.

In a notice to users, Spotify said their credentials may have been compromised in a leak involving another service, if they used the same password for both.

“Spotify has not experienced a security breach and our user records are secure,” the company said in an email. The password reset is merely a precaution, it said.

There’s plenty of reason for Spotify to be cautious. Stolen Dropbox data, including user email addresses and hashed passwords probably taken from 2012, has begun circulating on the Internet.

Three sites that compile stolen accounts from data breaches were supplied copies of the stolen information and said it affects 68 million Dropbox users.

In addition, browser provider Opera said last week that its users’ data may have been compromised in a separate hack. That breach targeted Opera’s sync system, which stores passwords for sites that users visit, and 1.7 million users may have be affected.

Both Dropbox and Opera have already issued password resets. However, the affected passwords may also have been used for other Internet accounts. That could still give hackers a launching pad to attack users.

Fortunately, the stolen passwords from Dropbox and Opera were hashed, meaning they have to be cracked in order to be read.

That doesn’t mean hackers won't try. LeakBase, a repository for data breaches, obtained a copy of the Dropbox database and is trying to crack the passwords, which were secured using a hashing function called bcrypt.

“We are working on those, however it is taking a while,” LeakBase said in a message on Twitter.

Hackers may have tried to do the same. Dropbox says the data was probably stolen four years ago and the theft is only now becoming widely known.only now is becoming widely known.

However, bcrypt hashes are “exceptionally” difficult to crack due to the time and effort needed, said Troy Hunt, the creator of Have I been pwned?, another website that tracks data breaches. Only poorly chosen passwords that can be easily guessed are at risk, he said.

Even without the passwords, the stolen email addresses can be quite useful for hackers to attack other affiliated Internet accounts, said Adam Levin, chairman of security firm IDT911.

“All of this information becomes tiny breadcrumbs that hackers can use to guess passwords and answer security questions,” he said in an email.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments