Dropbox last month advised users who have not changed their passwords since mid-2012 to come up with new passwords after sensitive data from a security breach in 2012 resurfaced.
According to Dropbox, the data is an old set of more than 68 million Dropbox user credentials (email addresses plus hashed and salted passwords) that may have been stolen in an incident in 2012. The stolen data now is available for sale on the dark web.
When your password is hashed and salted, it becomes a string of random characters. And Dropbox has not found any sign that the data was exploited. Nevertheless, the company is still recommending users to err on the side of caution and change their passwords.
Dropbox also recommends that any user who has used Dropbox password on other services should also change passwords on those sites.
If your organisation uses Dropbox Business, there is an option to quickly reset everyone’s password.