Home / / 68 million stolen Dropbox accounts for sale on the Dark Web

68 million stolen Dropbox accounts for sale on the Dark Web

In 2012, Dropbox was hacked and now a data set filled with user credentials has appeared

68 million stolen Dropbox accounts for sale on the Dark Web
The security breach saw millions of account details, including passwords, stolen from LinkedIn.

Last month, it became known that in 2012 cybercriminals had hacked into Dropbox and stole more than 60 million user account details, which have now surfaced on the Dark Web.

The security breach saw millions of account details, including passwords, stolen from the storage platform, to which the company admitted the breach and stated that most passwords were encrypted. The hack was down to a Dropbox employee using the same password for both his LinkedIn and Dropbox account, this meant when LinkedIn was targeted in 2012, the hackers were able to enter Dropbox's network.  

The company said in a statement: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.

"The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria."

The data has since been accessible on breach notification sites, including Hacked-DB, LeakedSource and HaveIbeenPwned, however it has since come to light that a vendor under "DouvleFlag" is selling the data on the Dark Web marketplace, known as TheRealDeal.

According to sources, the number of accounts for sale are 68,679,804, which include emails and encrypted passwords and are being sold for $1,209.

Dropbox has since released a password reset to those who registered before mid-2012.

Four years on, the LinkedIn hack is still causing disruption in the technology and social media industries, as the likes of Facebook's CEO Mark Zuckerberg and Google's CEO Sundar Pichai have fallen victim.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018