In 2012, the company became aware of a breach, and at that time, its investigation concluded that the number of users impacted by the breach was quite small. Those users were notified, and it was recommended that they change their passwords immediately. The company did not force a password change at that time.
Recently, however, a database was found for sale on the Darkweb that contained nearly seventy million user names and passwords of Dropbox users.This discovery was proof that the breach was much more extensive and severe than was originally estimated. As a result, the company compiled a complete listing of all impacted accounts from the rogue database, and force reset all the affected accounts.
Unfortunately, the company is not alone. In recent months, there have been a number of similar databases for sale on the Darkweb offering user accounts and passwords for tens, and sometimes hundreds of millions of users of a variety of high-profile, highly popular websites, including Yahoo, Gmail, LinkedIn, and others.
All of this highlights the importance of three things. Firstly, you should be changing your passwords on any site you use with frequency in case a breach occurs. Secondly, your passwords should be good, robust and not easy to decipher. Thirdly, if you’re using the same password across multiple sites, you’re opening yourself up to a world of trouble.
If, for example, your Dropbox password was the same as the password you use to access your bank account and/or credit card accounts, then back in 2012, when the Dropbox breach occurred, the hackers got access to those other accounts as well. It’s only a matter of time before they exploit that information, turning the problem of data vulnerability into a much larger and potentially more damaging one.