Over 68 million Dropbox user names and passwords have recently been dumped online, four years after the file-sharing service was breached.
It’s a classic case of password reuse. An employee's password, stolen during the 2012 LinkedIn breach, was reused to access his Dropbox account. There, the user had uploaded a document containing Dropbox email addresses and, apparently, passwords.
Fortunately, most passwords were hashed and salted, so they are not easy to crack. However, this breach reminds us that, in spite of robust encryption algorithms implemented by service providers, security remains a shared responsibility and end users have a significant role in securing their assets.
Companies may or may not do a great job at securing content and stored user credentials, so changing passwords regularly and enabling two-factor authentication are some of the best practices users can carry out themselves to boost account security.
Users should also be cautious about the data they share in Dropbox public folders, as hackers can use URL information to find other files that users have publicly shared and may have forgotten about.