This incident happened back in 2012, but nobody had realised its gravity. Passwords and credentials of a large number of Dropbox users were stolen, and initially Dropbox said that only emails were stolen. Facts are now coming to light that more than 60 million Dropbox user passwords and credentials could have been stolen, and the problem is graver than initially estimated. Dropbox currently claims to have around 500 million users, although it isn’t clear how many of these are active. At the time the passwords and credentials were stolen, Dropbox reportedly had 100 million users. So if the passwords and credentials of roughly 60 million Dropbox users were stolen, that is almost three-fifths of the company’s user base, and this is a big number.
It has been repeatedly stressed that a password used with one service shouldn’t be used with another, and this is exactly what was happening when the passwords and credentials of 60 million Dropbox users were stolen. One of the employees of Dropbox was using the same password to manage his Dropbox corporate network as the one he was using for his LinkedIn account. Just imagine: such a critical password was shared with another service. So when LinkedIn got hacked, this employee’s corporate account also got hacked, and 60 million user passwords and credentials were stolen as a result. Although the theft of 60 million user passwords and credentials isn’t a reflection on Dropbox security, because it was more of a careless mistake by one of the employees, security standards were broken. This employee shouldn’t have been allowed to use the same password that he used to manage his LinkedIn account. There should be a strict company policy to deter employees from using the same passwords across multiple services.
Cloud storage services are favourites among hackers because people store all sorts of files on them. So far, Dropbox hasn’t been hacked the way iCloud was hacked in 2014, when nude pictures of celebrities were leaked and distributed. Such a disaster hasn’t happened with Dropbox or any other major cloud storage service up till now. But there is always a first time.
The theft of 60 million user passwords and credentials isn’t a joke. So if you have a Dropbox account and you haven’t changed your password recently, or if you have been sharing the password with another service (Gmail or Facebook, for example), you should change your password immediately. If you find managing so many passwords difficult, you can use a service like LastPass.