Dropbox urges users to change passwords

26 August 2016

Dropbox displayed on smartphones — Image caption,
Dropbox has accumulated more than 500 million registered accounts since it launched in 2007

Dropbox has asked users of its online file hosting service to change their passwords.

The firm said the precautionary measure was related to a spate of hacks on other websites that occurred in 2012.

Those who registered with Dropbox before mid-2012 and have not changed their password since will need to create a new one.

Dropbox said: "We don't believe any accounts have been improperly accessed."

Patrick Heim, the company's head of security, that the new security measure was related to "an old set of Dropbox user credentials" that were illicitly obtained in 2012.

These user credentials were usernames, as well as hashed and salted passwords. Dropbox did not name which "other websites" it was referring to.

Security researcher Ken Munro said the new security risk was that people who had used the same password across the unnamed websites as well as Dropbox might be potentially vulnerable.

He told the ��ý: "What may have happened now is hackers have been through that [hacked] data and there has been a major issue with reused passwords."

The statement from Dropbox advises that "for any of you who've used your Dropbox password on other sites, we recommend you change it on Dropbox and other services".

Rik Ferguson, the global vice-president of security research at security software company Trend Micro, told the ��ý that those affected might need to do more than change their Dropbox password.

He said: "This measure is certainly going to be effective in guarding against those with Dropbox accounts, but not for any other service where people shared those passwords.

"The danger is that it creates a false sense of security. You're not good again until you check which sites you used that same password on."

Mr Ferguson said ideally Dropbox should have forced users to change their password back in 2012 when other high-profile website hacks took place.

Mr Munro added that "anyone who hasn't changed their passwords in four years is asking for trouble".

He said: "Some simple advice - never reuse passwords, and ideally you should use a password manager."

Since it launched in 2007, Dropbox has accumulated 500 million sign-ups to the service.

����ý

More on this story

��ý