If you are a Dropbox user, you must have received an email from the app asking you to reset your password. It would be smart to do so, since almost 70 million stolen passwords have been leaked online. The data about the leak was first shared by Motherboard. Now, Dropbox has confirmed the same, adding that the leak is linked to a breach which took place in 2012, which only included user email addresses. Here’s How To Check If Your Account’s Among Stolen Dropbox Passwords Circulating Online!
Worried users can easily check if their passwords are available online at haveibeenpwned.com. ‘Have I Been Pwned’ is a safe web page [run by Troy Hunt, a Microsoft security executive], which allows you to safely find out if you have been a victim of a breach, as it checks against the databases from well-known security breaches. The Dropbox password cache was analysed and confirmed to be authentic.
The good part is that the leaked passwords of the file-sharing service have been scrambled by encryption algorithms, which means it will require a fair amount of guesswork from a hacker to use these stolen passwords to log in to an account. In a statement, Dropbox said that no accounts have been improperly accessed and that the password reset has covered all affected accounts.
However, in theory, a hacker might get lucky in processing the hashing information and could access your compromised account. The term ‘hashing’ refers to a mathematical function that turns a string of characters, such as a password, into a separate, jumbled sequence of characters. Any minuscule change to the hashed data leads to a big change in the resulting jumble.
Hackers use free tools such as Hashcat to turn well-known passwords into hashes. If any such hashes match the Dropbox data, a hacker would be able to figure out the sequence of characters used to derive that hash, which is the unencrypted Dropbox password. This, combined with the stolen matching email addresses, could allow a hacker to log in to your account. However, even at this point, Dropbox users who have two-factor authentication turned on would have another obstacle in place in front of the hacker.
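The hashing behaviour described above, as an added example that is not part of the original article: it measures how many output bits change after a one-character edit, and shows why a per-user salt stops one precomputed hash from matching every account that shares a password. SHA-256, PBKDF2, the iteration count and the sample passwords are assumptions chosen for illustration, not Dropbox's actual scheme.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def digest_bit_difference(a, b):
    """Number of bits that differ between the SHA-256 digests of a and b."""
    da = hashlib.sha256(a.encode()).digest()
    db = hashlib.sha256(b.encode()).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def unsalted_hash(password):
    """Plain, fast hash: the same password always gives the same value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None):
    """Slow hash with a random per-user salt (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def demo():
    # Constructed sample: two users who picked the same password.
    pw, typo = "correct horse", "correct horsf"
    alice_salt, alice_digest = salted_hash(pw)
    _, bob_digest = salted_hash(pw)
    return {
        "bits_changed": digest_bit_difference(pw, typo),  # out of 256
        "unsalted_identical": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_identical": alice_digest == bob_digest,
        "right_password": verify(pw, alice_salt, alice_digest),
        "wrong_password": verify(typo, alice_salt, alice_digest),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted hashes, two users with the same password store the same value, so one match exposes both; with a salt, each stored value has to be guessed separately and every guess costs the full iteration count.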
It would be wise to secure your account as soon as possible, if you haven’t already. Safeguarding your personal information is always worth the trouble.