Dropbox hack leaks 68 million usernames and passwords

A hack from 2012 reportedly resulted in the breach of far more user information than previously believed.

Laura Hautala Former Senior Writer

Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.

Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials

2022 Eddie Award for a single article in consumer technology

See full bio

Laura Hautala

Aug. 31, 2016 12:29 p.m. PT

Wait, how many accounts were affected by a 2012 hack on Dropbox? About 68 million, according to multiple reports.

Back in 2012, Dropbox disclosed that a hacker had accessed its internal systems and accessed a list of user email accounts. It didn't say the list included passwords.

Now Motherboard, security expert Troy Hunt, and online leak-tracker LeakedSource have each reported they reviewed stockpiles of account information from Dropbox. The account information includes emails as well as passwords, which are encrypted.

Dropbox head of trust Patrick Heim confirmed in a statement that the usernames and passwords were from mid-2012. The company said all customers who haven't updated their passwords since that time period have been required to change their passwords.

"We can confirm that the scope of the password reset we completed last week did protect all impacted users," Heim said.

Heim also reminded users that they should think about whether they reused their Dropbox passwords in other accounts.

"While Dropbox accounts are protected, affected users who may have reused their password on other sites should take steps to protect themselves on those sites," Heim said in a statement.