Dropbox was hacked in 2012, leading to a huge leak of more than 68 million accounts. These account details are now freely available for anyone to download online.
According to Thomas White (aka The Cthulhu), who uploaded the full dump to his personal website, the breached email addresses and hashed passwords were released to help security researchers investigate the 2012 Dropbox hack. “I have assisted to keep this breach public for those who are struggling to find a reliable source for research,” says White.
Earlier this year, Dropbox declared that over 68M user names along with hashed passwords were stolen in the 2012 security incident. Dropbox soon sent out an urgent security update to its users: “If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification.”
The company also mentioned that it did not detect any malicious activity involving the breached accounts. According to Dropbox, among the stolen credentials, about 32 million passwords were hashed with bcrypt, a stronger hashing function that helps prevent hackers from obtaining users’ actual passwords. The remaining passwords were protected with another algorithm, SHA-1, together with a salt: a random string added to the actual password, which makes the hashes more difficult for hackers to break.