Clearly that Dropbox had leaked account information of more than 68 million

ByIan Lamont

Cloud storage serviceDropboxIt was revealed that hackers had stolen account information of 68 million cases.

Hackers Stole Account Details for Over 60 Million Dropbox Users | Motherboard
http://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts


Dropbox hackers stole e-mail addresses, hashed passwords from 68M accounts | Ars Technica UK
http://arstechnica.co.uk/security/2016/08/dropbox-hackers-stole-email-addresses-hashed-passwords-68m-accounts/


Dropbox asked the user to change the password when he noticed that the account information was leaked and claimed that "we have already thoroughly reset the password and there is no trace of the unauthorized access actually." However, Dropbox asked some users to change their passwords at the end of August 2016. In doing so, it was not disclosed how much account information leakage occurred.

Meanwhile, the news siteMotherboardObtains a data file that records Dropbox user's email address and hashed password, that is, account information that seems to have leaked from Dropbox, from sources in the database trading community. There were four files in total, and total data of 5 GB contained account information of 6868.8441 cases. I confirmed the truth of account information to Dropbox executives and it is clear that the account information of about 68 million acquired by Motherboard belongs to Dropbox user.

ByMartin Lafrance

Dropbox asked the user to reset the password of the account was the beginning of the last week of August 2016. In doing so, Dropbox does not announce how much accounts are related to password leakage, "Our security team is constantly monitoring new threats to users, among which some people in 2012 Old account information of Dropbox user who seems to have obtained was detected.In our analysis this account information was related to the event that occurred then (the hacking incident which occurred in 2012) " It was. In addition, Motherboard has concluded that about 68 million account information found this time is related to the 2012 hacking incident.

Of the leaked account information, 32 million passwords are strongly hashed with a method called "bcrypt", and the Motherboard says "hackers also obtain actual passwords from this hashed data It will be difficult. " However, the other half of the password seems to have been hashed by the method called "SHA-1" which is pointed out as vulnerability. The reason for password hashing is different because Dropbox has changed the way of hashing several times since 2012.

Dropbox says that unauthorized access using leaked account information has not been detected.

Resetting passwords to keep your files safe | | Dropbox Blog
https://blogs.dropbox.com/dropbox/2016/08/resetting-passwords-to-keep-your-files-safe/