Dropbox Was Hacked - Change Your Passwords

First and foremost, please change your Dropbox passwords!
And check all other services that use the same e-mail and password!

You may have received an email recently from Dropbox… At first glance it doesn’t seem too out of place, suggesting that you update your password if you haven’t in so and so years (2012 I believe) and that you’ll be prompted to change it.

[Image: the e-mail from Dropbox]

This really is a reasonable e-mail; a company may just be concerned that after 4 years security could use a refresher! However, I did ask myself “I wonder, did something happen at Dropbox?” and it turns out that is in fact the case, based on two things:

  1. Dropbox talks about said security issues from 2012 carrying through. (If you clicked that “why are we forcing this password update” link in the email.)
  2. Various sources confirming the severity of the hack.

The source that outed the Dropbox hack was the guys and gals over at Motherboard. It is stated that over 60 million records were compromised, and what’s even more interesting is that Troy Hunt (an amazing guy from Microsoft) chimed in to validate the claims by showcasing that he found his record amongst the data!

If you’re curious about his data, he goes into how he used Hashcat to check the validity, and he found that he was in fact compromised.

Now, Troy feels that Dropbox handled the situation well, and I’m inclined to agree to some extent. I would still have liked Dropbox to disclose a bit more information and keep the situation updated; however, this is still much better than how TeamViewer handled their breach.

I highly recommend reading the articles listed in this post, as well as the sources listed below!

This is why it’s important to use 2FA (Two Factor Authentication, also known as 2-Step Authentication), strong passwords (maybe generated via password software/plugins), or even a YubiKey.

So there you have it: please update your information and share this with anyone you know who may use Dropbox. Even if they feel like they have no important documents in their Dropbox, explain how that information is likely the same information on other services, for instance if people use the same e-mail and password for their bank accounts…



Sources: Troy Hunt | Motherboard | HIBP

An old video showcasing the use of 2FA with Facebook