What happened in 2012 is that some Dropbox users fell victim to account break-ins because of password reuse. It’s thought that hackers tried the login details on other websites under the assumption that some people use the same passwords across different online services.
Advertisement
Dropbox said that no accounts have been breached and the reset affects all users regardless of the strength of their passwords.
If you receive the email from Dropbox, you should visit your account where you may find that you’re prompted to choose a new password.
Dropbox has emailed many of its users, urging them to reset their passwords. This is purely a preventative measure, and we’re sorry for the inconvenience.
If you signed up for Dropbox prior to mid-2012 and haven’t changed your password since, you’ll be prompted to update it the next time you sign in.
To learn more about why we’re taking this precaution, please visit this page on our Help Center.
Heim explained that the threat has re-emerged, with Dropbox’s security team recently learning that a small set of old credentials were obtained in those hacks.
In a blog post explaining what prompted the step, Dropbox said it had learned about an old set of user credentials (email addresses plus hashed and salted passwords) that were stolen in an incident the company reported in 2012.
It says there is no evidence that anyone managed to decrypt the passwords, and that it doesn’t believe any accounts were accessed.
Advertisement
Dropbox is asking users who haven’t changed their password since 2012 to change it to a new one to make sure your password is secure. In Dropbox’s case, two-step verification means customers type in a security code sent to their phones via SMS in addition to their passwords.
