Although the initial proclamation failed to reveal the truthful scale of the information breach, it was inwards slow August when the breach notification service LeakBase obtained files containing details on over 68 meg accounts, which contains e-mail addresses in addition to hashed passwords for Dropbox users.
Last month, a hacker was selling this Dropbox information dump on a Dark Web marketplace known every bit TheRealDeal for around $1200.
However, Motherboard of late discovered that a researcher has only uploaded the total dump of hacked Dropbox database online.
Download DropBox Data Dump Here:
Thomas White, known online every bit The Cthulhu, uploaded Mon the total Dropbox information dump onto his website inwards a move, every bit he claims, to assist safety researchers essay the information breach.
So, anyone tin at i time download the leaked database of 68,680,741 Dropbox accounts, containing e-mail addresses in addition to hashed passwords, totally for FREE.
"The ... dump was allegedly taken from Dropbox sometime inwards 2012 next a breach," White writes on his website. "I direct hold assisted [in keeping] this breach world for those who are struggling to notice a reliable origin for research."White is the same mortal who previously dumped accounts from massive information breaches inwards large enterprises, including extramarital affairs site Ashley Madison, social networking site Myspace, in addition to more.
The proficient intelligence is that out of 68 Million, some 32 Million passwords are secured using potent hashing component BCrypt, which makes it hard for hackers to obtain many of users' actual passwords.
The residue of the concern human relationship passwords are hashed amongst the SHA-1 hashing algorithm in addition to likewise believed to direct hold used a Salt – a random string added to the hashing procedure to farther strengthen passwords to become far harder for hackers to scissure them.
Moreover, the fellowship previously ensured its affected customers that at that topographic point is no prove of whatever malicious access of their accounts, saying "Based on our threat monitoring in addition to the means nosotros secure passwords, nosotros exercise non believe that whatever accounts direct hold been improperly accessed."
Dropbox is i of many "Mega-Breaches" revealed this summer, when hundreds of millions of concern human relationship credentials from years-old information breaches on famous social network sites, including LinkedIn, MySpace, VK.com in addition to Tumblr, were exposed online.
The best means to protect yourself is to alter your passwords for Dropbox in addition to other online accounts, specially if you lot are using the same password for multiple websites, every bit good every bit purpose a good password manager to create in addition to cope complex passwords for dissimilar sites.
However, DropBox has already emailed all affected users in addition to completed a password reset process for anyone who had non updated their password since mid-2012, ensuring that hackers tin non access your Dropbox accounts fifty-fifty if they scissure leaked passwords.
