Dropbox confirms data breach, Spotify force resets users password
Users of cloud storage application Dropbox and music-streaming service Spotify have been forced to update their passwords following a data breach that leaked details of 68.7 million Dropbox accounts.
Dropbox head of trust and security Patrick Heim confirmed the data breach after four 5GB files containing 68,680,741 accounts were uploaded to breach notification website Leakbase.
“Based on our analysis, the credentials were likely obtained in 2012,” Heim said in a statement published Wednesday, Aug. 31.
“We first heard rumors about this list two weeks ago and immediately began our investigation. We then emailed all users we believed were affected and completed a password reset for anyone who hadn’t updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts."
Heim urged Dropbox users who signed up for the service before mid-2012 and reused the same passwords to other accounts to update their passwords.
“If prompted, all you need to do is choose a new and strong password. We provide a password strength meter to help you. If you don’t receive a prompt, you don’t need to do anything. However, for any of you who’ve used your Dropbox password on other sites, we recommend you change it on Dropbox and other services,” he added.
The Dropbox executive assured users that precautions are being taken. The cloud storage company claims that it has 500 million users worldwide as of March 2016.
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” he explained.
Following the Dropbox data breach, Spotify has force reset its users’ password. The music-streaming service reportedly has 100 million active monthly users. To reset Spotify password, go to account page on the website and change password or go to password reset page to enter your email address or username.