{"id":4265,"date":"2016-09-01T00:43:00","date_gmt":"2016-08-31T16:43:00","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4265"},"modified":"2016-09-01T00:43:00","modified_gmt":"2016-08-31T16:43:00","slug":"dropbox-hacked-68-million-user-accounts-compromised","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2016\/09\/dropbox-hacked-68-million-user-accounts-compromised\/","title":{"rendered":"Dropbox Hacked &#8211; 68 Million User Accounts Compromised"},"content":{"rendered":"<p>So was Dropbox Hacked? There was some rumours going around last week after it sent out a password reset e-mail warning to all users. It seems like it&#8217;s limited to users who were active in 2012 and the only ones who would be in trouble are as usual, those who haven&#8217;t changed their password since 2012 and those who re-use passwords across multiple sites.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.darknet.org.uk\/wp-content\/uploads\/2016\/09\/Dropbox-Hacked-68-Million-User-Accounts-Compromised-640x336.png\" alt=\"Dropbox Hacked - 68 Million User Accounts Compromised\" width=\"640\" height=\"336\" class=\"aligncenter size-medium wp-image-4266\" \/><\/p>\n<p>I&#8217;d hope those 2 parameters exclude everyone reading this site. Plus the passwords weren&#8217;t leaked in plain text, they were hashed (some in bcyrpt and some in SHA) and the SHA hashes are salted.<\/p>\n<blockquote><p>A data dump purported to contain 60 million Dropbox user IDs is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt.<\/p>\n<p>However, apart from the existence of a file with user IDs and hashed passwords, the company believes nothing has changed since last week.<\/p>\n<p>A spokesperson told The Register \u201cWe are confident that this is not a new incident; this data is from 2012, and these credentials were covered by the password reset\u201d.<\/p>\n<p>We&#8217;re also told there was no new breach of Dropbox systems.<\/p><\/blockquote>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>It seems strange as well after a massive leak of LinkedIn credentials this year, also from 2012 &#8211; following that now we have this. Also 4 years later, and also a HUGE cache of details.<\/p>\n<p>Coincidence? Maybe, perhaps the same perpetrators, but I don&#8217;t know there would be any reason or value generation from releasing these 4 year old dumps of credentials.<\/p>\n<blockquote><p>The Register&#8217;s conversation with Hunt \u2013 operator of HaveIBeenPwned and security educator \u2013 bears that out to a degree, since while Hunt has identified his pre-2012 user ID in the list, the author&#8217;s post-2012 account is not in the 60 million records.<\/p>\n<p>Hunt is currently preparing the data to load into HaveIBeenPwned, but believes it&#8217;s unlikely that anyone&#8217;s going to recover passwords anytime soon.<\/p>\n<p>Testing his own password against the bcrypt hash demonstrates the file is real, Hunt said, although a definitive date is hard to prove.<\/p>\n<p>The four files Hunt obtained extract to a bit more than 4.7 GB, he said, and while there&#8217;s 2.21 GB of SHA hashes, even those might pose a problem for an attacker, since they&#8217;re salted \u2013 the attacker would need the salts to decrypt the hashes.<\/p><\/blockquote>\n<p>The files have been validated as real, as the company themselves have confirmed it &#8211; and it&#8217;s been independently validated by security researchers.<\/p>\n<p>I&#8217;m not sure if any real harm is going to come from this, or it&#8217;s just another flash in the pan. I&#8217;d be more interested in reading a forensic analysis of how the intruders got hold of the credentials.<\/p>\n<p>But as we know, that kind of stuff is NEVER forthcoming.<\/p>\n<p>You can search for your own e-mail address here to see if any of your accounts have been leaked &#8211; <a href=\"https:\/\/haveibeenpwned.com\/\">https:\/\/haveibeenpwned.com\/<\/a><\/p>\n<p>Source: <a href=\"http:\/\/www.theregister.co.uk\/2016\/08\/31\/dropbox_2012_credentials_file_is_real\/\">The Register<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So was Dropbox Hacked? There was some rumours going around last week after it sent out a password reset e-mail warning to all users. It seems like it&#8217;s limited to users who were active in 2012 and the only ones who would be in trouble are as usual, those who haven&#8217;t changed their password since [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"So was Dropbox Hacked? There was some rumours going around last week after it sent out a password reset e-mail warning to all users.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[10,17],"tags":[],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4265"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=4265"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/4265\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=4265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=4265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=4265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}