Dropbox recently sent an email requesting users to change their passwords. Unfortunately, with spam and phishing concerns it may have gone unnoticed by the majority of the audience it was meant for. So, for you Dropbox users who may have missed it, here's a quick recap.
According to Dropbox, the reason they're requesting this change is due to a breach that happened back in 2012:
"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time."
Here's the the page from the Dropbox Help Center,
I’m being asked to create a new password on dropbox.com—why, and what should I do?
If you use Dropbox (or any cloud hosted site for that matter), it's a great practice to change your passwords on a recurring basis. On top of that, and while you're at it, you should add another layer of protection by turning on Two Factor Authorization (2FPA).
As always, we recommend that you do the following for all apps and services:
- Avoid reusing the same passwords across multiple services
- Create strong, unique passwords
- Consider using a passphrase instead of a password
- Only sign in to your account from secure devices and always sign out if accessing on a non-personal device
- Enable two-factor authorization whenever possible
On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.