68 million Dropbox passwords stolen by hackers

Before you go, we thought you'd like these...
Before you go close icon
What's Next for Dropbox?

Earlier this week, Dropbox reset user passwords for all accounts that hadn't changed them since 2012, following its discovery of a file containing hashed and salted passwords that were obtained in a previous security breach.

Now, Motherboard reports that the company's systems were hacked in 2012, and the attackers were able to get away with 68 million usernames and passwords. The legitimacy of the data was verified by Motherboard and vouched for by security expert Troy Hunt.

If you hadn't changed your password since mid-2012, there's not much reason to worry: since Dropbox forced a password reset on those accounts, the old one hackers found in the file wouldn't be of any use. In addition, 32 million of the passwords were found to be strongly hashed using bcrypt, while the rest used the slightly weaker SHA-1 algorithm. The passwords had also been salted, i.e. appended with a random string of characters to obscure them further.

RELATED: 8 tips to make your passwords stronger/p>

Tips for better passwords
See Gallery
Tips for better passwords

Be unique

Countless hacks have found many internet users tend to rely on simple phrases that are easily cracked. "Facebook" for a Facebook password and "LinkedIn123" for LinkedIn. Instead, use words phrases that are unique to your life, so they are easy to remember, but less easy to crack. 

REUTERS/Pawel Kopczynski 

Don't just use letters

Many sites require numbers and/or special characters in passwords these days, and for good reason. Passwords that only use letters are easier to figure out.


Go long

The longer your password, the better. Shorter passwords are easier for hackers to crack using high-powered computers. The longer the password, the longer it takes to crack, which means most will give up. 


Change your passwords

For the most secure accounts that you need protected, changing passwords regularly can help prevent a security breach. 


Don't use details people could know

While numbers are great additions to passwords, hackers could easily figure out the four digits of your birthday. Top security experts suggest ignoring dates entirely. (Shutterstock)

Pay attention to password reset questions too

Mitt Romney fell victim to a hacker when one was able to guess the name of his favorite pet and used it to retrieve and reset his email password in 2012. Stick with information that as few people as possible are likely to know


Use Password Managers

These services add an extra step into your password process, but they generate nearly crack-proof strings of alphanumeric combinations that are often at least 12-characters long. 

(David Muir via Getty Images)

Avoid using them on stranger computers

Computer used at a library or even a friend's house could have malware that steals your passwords.



However, if you've used the same email address and password combination on other services, you'll want to change those right away. It's common for hackers to try using credentials from one company breach on other services and accounts.

2016 has not been a good year for online security. Earlier this year, 32 million Twitter passwords were put up for sale on the Deep Web for just $5,807; in May, 117 million LinkedIn account details were available for $2,200, and 45 million users' credentials were stolen from numerous forums operated by a single company.

If you're concerned about the safety of your online accounts, now would be a good time to try out a password manager like 1Password and enable two-factor authentication on every service that offers it.

More from The Next Web:
Nearly a million people ditched cable TV last quarter
Snapchat just released an 8-bit marketing campaign disguised as a video game
Why China is poised for an economic resurgence with data analytics

Read Full Story

People are Reading