Using an Old Dropbox Password? Time for a Update.
If you've neglected to change your Dropbox password for some time, now is a good time to update.
Dropbox is requiring users to reset their passwords if they haven't done so since mid-2012. While you're at it, the company also recommends that you consider two-factor authentication.
"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time," reads a blog post from Dropbox.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in."
The mid-2012 breach the company refers to is the huge LinkedIn breach that resulted in around 117 million or so login credentials leaking online earlier this year. While Dropbox doesn't believe that any accounts have been improperly accessed, it's forcing a password reset to ensure that any users potentially affected are safe.
"We're doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We're sorry for the inconvenience," reads Dropbox's blog post.
Dropbox also suggests that its users consider thinking about all the sites they've used over the past few years -- easier said than done -- and what login credentials they might need to change elsewhere, in case they've been using the same (or similar) email addresses and passwords to authenticate.