Dropbox data leakage

Dropbox data leakage

Our intelligence analysts reveal the details of the new data breach case of Dropbox, put up for sale on the deep web by the cyber-identity peace_of_mind. Get informed about the case in our new research report!

On 25 August, Dropbox announced through its blog that, as a precautionary measure, passwords for all accounts created before 2012 would be reset, a fact confirmed in an email it sent to its users two days later. A week later, and after independent analysis carried out by various security experts who analysed the alleged information leak in which over 68 million sets of credentials could have been affected.

The leaked data is up for sale on TheRealDeal, a well-known trading market on the deep web, by the cyber-identity peace_of_mind, which has already been associated with other major leaks in 2016, such as those affecting LinkedIn and MySpace. There have also been reports of the sale of an alleged Dropbox database of more than 100 million users in March by the Tessa88 alias.

Our analysts recommend the implementation of tools for two-step authentication to prevent unauthorised access, as well as the replacement of the credentials that were possibly being reused in the services of third parties.

» Download the full research report “Dropbox data leakage