Dropbox has emailed users warning them to update their passwords, while at the same time claiming that it hasn't been hacked.
The email from the cloud storage company has been aimed at users who haven't updated their password since mid-2012 or earlier, explaining that they will be forced to do so next time they try to sign in.
The company was keen to emphasise that the measure is "purely preventative" and that there is no evidence that the site has been compromised in any way.
However, Dropbox was hacked in the middle of 2012 and that's maybe why it's targeting specific customers, although the hack was disclosed and widely reported at the time.
The support page explained: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
The email from the cloud storage company has been aimed at users who haven't updated their password since mid-2012 or earlier, explaining that they will be forced to do so next time they try to sign in.
The company was keen to emphasise that the measure is "purely preventative" and that there is no evidence that the site has been compromised in any way.
However, Dropbox was hacked in the middle of 2012 and that's maybe why it's targeting specific customers, although the hack was disclosed and widely reported at the time.
The support page explained: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in."
This information isn't in the rather perfunctory email, which is as vague as possible presumably to avoid scaring the horses.
Dropbox offers two-step verification and works with FIDO standard security keys, but even customers using these services are being asked to change just in case.
Users of 4chan and Reddit claimed in 2014 to have stumbled across a list of seven million Dropbox passwords, but the company strenuously denied that these were from a hack, and indeed from its customers' accounts at all.
via
If you don't want to miss any of our latest update you can subscribe here with your email address or you can follow us on facebook to get the latest updates about tech and more.
Don't forget to share!!!
Don't forget to share!!!
No comments:
Post a Comment