Dropbox Is Urging Users To Reset Their Passwords (fortune.com)
Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach. "The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria," the company writes on its website. Fortune reports: The popular cloud storage said the move was related to the theft of an old set of Dropbox credentials, dating back to 2012. So the users the company has contacted are those who created Dropbox accounts before mid-2012 and have not updated their passwords since that time. Dropbox disclosed in July 2012 that some users were getting spammed, and the cause appeared to be the theft of usernames and passwords from other websites. As is often the case, some people reuse their usernames and passwords across different web services. (If it still needs saying, you really shouldn't reuse your passwords, ever.)
...I read Dosbox urges you to change your password... WHERE???!!!
They found more account details in the wild from a 2012 breach. In 2012 they got hit and required some users to reset (no idea if they actually notified anyone). Now they're requiring more people hit in the 2012 breach to reset. I logged into Dropbox.com and was required to reset. I received no notification from Dropbox about it.
If they're not notifying people then it's a disaster - no one logs into Dropbox.com. They install it on their PCs / phones and never go to the site.
(If it still needs saying, you really shouldn't reuse your passwords, ever.)
Yeah, that's great. Too bad practically every website and service on the planet now wants you to create an account to do anything remotely useful on the site, people will reuse passwords. Yeah, password managers are a thing (mine is pushing 200 sets of credentials), but average Joes don't know what they are, wouldn't know where to get one, and even if they did, wouldn't know how to install them. And even if they did manage to find, download, and install one, their database would be wiped out as soon as they got Cryptolocker or their hard drive failed because their computer has been sitting on shag carpeting for ten years and the case is practically welded shut from all the accreted gunk (they don't have backups because outside of tech geeks and sysadmins, practically nobody backs up anything ever, except maybe their car).
So I was able to create my very long, secure, easy to remember password. Yay.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday