This Dropbox Employee’s Mistake Revealed 68 Million Passwords
If you haven’t changed your Dropbox password in a while, it might be time. Back in 2012, the online cloud storage company suffered a major hack — and while they had reported email addresses getting stolen, the tech company didn’t reveal then that passwords were taken as well. In case you’re not sure if your info was one of those taken in the hack, you can check on the website Have I been pwned? The little flub that led to this massive personal info leak is one we’re probably all guilty of doing.
Professional networking site LinkedIn also suffered a major security breach back in 2012 (boy, those hackers sure get around, don’t they?), and in that breach, a certain Dropbox employee’s password was stolen. And here was that employee’s fatal mistake: using the same password for different logins. Whoops. That stolen password allowed hackers to access Dropbox’s corporate network and user database. While Dropbox did have encryption in place, the company was in the process of converting the encryption from SH1, a more standard encryption, to bcrypt, a more secure kind. Basically, half the passwords stolen were really secure, while the other half was less so, but all were encrypted. But that doesn’t mean your passwords are entirely safe. And this is also why you shouldn’t reuse your passwords across multiple sites.
But how will you keep all the different passwords straight? You can try using a password keeper like Last Pass, which will allow you to make your login info as complicated and varied as it needs to be, or you could try one of these other password-protection tricks to keep your login info safe.
How do you keep your passwords safe? Tweet us @BritandCo!
(h/t The Guardian; photo via Getty)