68 million stolen Dropbox accounts for sale on the Dark Web
In 2012, Dropbox was hacked and now a data set filled with user credentials has appeared
Last month, it became known that in 2012 cybercriminals had hacked into Dropbox and stolen more than 60 million user account details, which have now surfaced on the Dark Web.
The security breach saw millions of account details, including passwords, stolen from the storage platform. The company admitted the breach and stated that most passwords were encrypted. The hack was down to a Dropbox employee using the same password for both his LinkedIn and Dropbox accounts; this meant that when LinkedIn was targeted in 2012, the hackers were able to enter Dropbox's network.
The company said in a statement: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
"The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria."
The data has since been accessible on breach notification sites, including Hacked-DB, LeakedSource and HaveIbeenPwned. However, it has since come to light that a vendor under the name "DoubleFlag" is selling the data on the Dark Web marketplace known as TheRealDeal.
According to sources, the number of accounts for sale is 68,679,804; the data set includes emails and encrypted passwords and is being sold for $1,209.
Dropbox has since issued a password reset to those who registered before mid-2012.
Four years on, the LinkedIn hack is still causing disruption in the technology and social media industries, as the likes of Facebook's CEO Mark Zuckerberg and Google's CEO Sundar Pichai have fallen victim.