Insight into 2012 Dropbox Hack Underscores Danger of Password Reuse
If you signed up to use Dropbox’s storage platform before mid-2012, you received an email last week requiring that you change your password. The notification was triggered after it was learned that both the number of users affected and the sensitivity of the data exposed in Dropbox’s 2012 hack had been significantly underestimated. Turns out, back in 2012, more than 68 million email addresses and hashed passwords were stolen. Previously, it was believed that only usernames were affected.
The more concerning piece of news revealed this time around, however, is how hackers were able to access this information. It seems they accessed the account of a Dropbox employee (who seemingly had a file containing user information), using the employee’s own password, which they acquired from the details of the 2012 LinkedIn breach. The employee was using the same password for both accounts – an error we often call attention to here on Hedge IT as a big, and potentially devastating, no-no.
The dangers of password reuse are coming to the forefront as other companies have recently alerted users to breach attempts at the hands of hackers armed with password information from other security breaches. Online backup firm Carbonite recently issued a warning to its customers about such an incident, as did Citrix GoToMyPC and code repository site GitHub.
For hackers, there is a wealth of password information dumped onto the dark web and other corners of the Internet, giving these stealthy computer criminals the means to attempt further breaches of other websites. Unfortunately, because password reuse is so prevalent, it has become easier and easier for hackers to penetrate these websites and access critical and sensitive information.
Hence, a friendly reminder: don’t use the same password for more than one website or system. Yes, it’s tedious and challenging to construct strong passwords for the number of websites and systems you’re inevitably using. But the risk incurred by not doing so is far greater.