Pixel Envy

Written by Nick Heer.

Dropbox Is Resetting Passwords That Haven’t Been Changed Since Mid-2012

I received an email from Dropbox this evening; you likely did as well:

“We’re reaching out to let you know that if you haven’t updated your Dropbox password since mid-2012, you’ll be prompted to update it the next time you sign in. This is purely a preventative measure, and we’re sorry for the inconvenience.”

If that sounds strangely suspicious to you, you’re not alone. But I asked around and it seems that it really is just preventative, though it is related to other mid-2012 security breaches that you may have heard of.

Matthew Lynley, TechCrunch:

“Dropbox’s intelligence team identified the existence of a file that contained hashed and salted passwords, according to a person familiar with the matter. That file pertains to passwords that were likely obtained in connection to the LinkedIn hack. While the information appears to have been taken from then and quietly held for some time, it is now surfacing, this person said. Dropbox earlier disclosed that usernames and passwords that were obtained in 2012 were used to access some accounts.”

While you’re at it, you might as well turn on two-factor authentication too.