Authored by a Symantec employee
Dropbox has announced via their blog that 68 million user email addresses with hashed and salted passwords have been exposed. Dropbox has verified that the information is indeed legitimate. As a result, they have proactively completed a password reset for anyone who hadn’t updated their password since mid-2012. They’re contacting account owners via email and the next time they login, they will be prompted to update their passwords.
The credentials that have been affected were from a data breach the company suffered in 2012.
So if you have signed up for a Dropbox prior to mid-2012 you may be affected.
The Best Defense Against Data Breaches Is Diligence and Proactive Protection
While data breaches aren’t easily preventable on your part, there are actions that you can take in the event of a data breach to help yourself stay protected. If you feel that you have been impacted in this data breach, here are a few steps you can take to protect yourself further:
- Single, complex passwords can be difficult to remember, let alone multiple ones. A good amount of users tend to use the same password across multiple sites. As a result, data obtained from one website breach will be used across other websites, in hopes of email and password reuse, granting the criminal access to additional accounts. If you do this practice, change your passwords on any sites that use the same email and password combination immediately. Be sure that each password is unique to each site.
- Enable two-step verification. Even if a website or app has strong security controls, your online accounts can become vulnerable to attack if you reuse passwords or have weak passwords. That’s why Dropbox and Norton strongly recommend turning on two-step verification for Dropbox and other sites that support it.
- Since passwords are a bit tricky to manage, Norton can help. You can learn more about safe passwords and password managers and keep them secure via Norton’s Identity Safe for free.
- If you're unsure if you have been affected by this breach, or any other data breach, you can sign up for haveibeenpwned.com, which will notify you by email if any of your usernames and emails have been exposed in a data breach.
Even if you haven’t been affected by this particular incident, the aforementioned tips are also a great way to get proactive about your own cyber protection. Think of it like insurance- you don’t wait for something to happen and then get insurance, you already have it in place just in case.
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2017 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.