More than 100mln dropbox accounts leaked?

The leak is probably related to the 2014 breach


On the 18th May 2016 Twitter account @w0rm has posted a link that expose 100 million Dropbox account credentials in a zipped file.

https://twitter.com/wormws/status/732914034983501825

This file has been assessed as holding 4.9GB of data containing usernames and hashes that are highly likely to be passwords to access this account.

These hashes (probably SHA1) could be reverse engineered to reveal full password credentials.

The last and only officially reported Dropbox breach relates to 2014 where hackers managed to access Dropbox credentials through a third party application. 
Hackers leaked 400 sample addresses and requested payment to prevent further disclosures of compromised data.


At a first glance i should confirm that the leak is old and probably related to the 2014’s breach: in the archive is present my old dropbox account, but is not present my new account (created in 2015).

When in doubt, a password change is always indicated.

Comments