About That Dropbox Email You Got Last Week...
If you're like me (and thousands of other legal professionals), you probably got an email from Dropbox about a week ago, letting you know that you'll need to reset your password. "Huh," you thought, "I didn't even remember that I had a Dropbox account." And then you went about your day.
But that email wasn't just a friendly reminder that Dropbox still existed -- it was one of the first, oblique acknowledgments that Dropbox was hacked in 2012, and lost 68 million usernames, emails, and passwords as a result.
"Purely a Preventative Measure"
It would be easy to ignore the Dropbox email. It was only four sentences long, with only two sentences of substance:
We're reaching out to let you know that if you haven't updated your Dropbox password since mid-2012, you'll be prompted to update it the next time you sign in. This is purely a preventative measure, and we're sorry for the inconvenience.
To learn more about why we're taking this precaution, please visit this page on our Help Center. If you have any questions, feel free to contact us at password-reset-help@dropbox.com.
But if you clicked the link to "this page," you would have found out a little bit more about this purely preventative, slightly inconvenient measure:
Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we recently learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012.
That's not exactly news. Dropbox disclosed the hack back in 2012. But the extent of the data breach wasn't known until recently. And it was big. Sixty-eight million passwords, emails, and usernames big.
Cloud Insecurity
The hack should be particularly concerning to tech-inclined attorneys. Back in the late aughts, Dropbox was one of the few free, cloud-based, online storage options around. There are now a lot of competitors, from Microsoft OneDrive to Box to Google Drive and dozens more. But many of us still have a Dropbox account lingering out there in the ether, perhaps with a few important files in it.
Of course, just because you got a Dropbox email, that doesn't mean your data has been compromised. But if you have old cloud storage accounts you haven't been paying attention to, now's as good a time as any to update your passwords and make sure you don't have important or confidential documents floating around on unattended accounts.