68 million Dropbox accounts that were hacked in 2012 were leaked in 2016 and went on sale on the Darknet last month. The data is now available for free download.
Dropbox, the online storage platform, suffered a massive blow back in August when the company learned that over 60 million of its user accounts had been hacked and their credentials stolen by malicious threat actors in 2012. The latest news is that the actual figure of stolen Dropbox accounts was 68,680,741, and the email IDs and hashed passwords of these 68 million accounts can be downloaded for free.
The data stolen about two months back was dumped online by Thomas White, aka The Cthulhu, on his personal website in order to help security researchers investigate the breach.
It must be noted that about 32 million of the Dropbox account passwords are protected with bcrypt, an advanced and powerful hashing function. Hackers therefore cannot obtain the actual passwords of these users, but only those that are hashed with another algorithm, SHA-1, along with a salt. Apparently, however, this particular data dump does not include the salts, so we can assume that it would be really difficult for hackers to get hints about the real passwords.
Dropbox maintains that the company hasn’t observed any malicious activity on these hacked accounts in recent times. We also came to know that last month the Dropbox data dump was being sold by a vendor on the Dark Web for nearly $1200. This is probably why the data is now publicly available, because every hacked database that goes up for sale ends up being dumped online for easy public access.
We have also witnessed this happen with Twitter, Yahoo and LinkedIn when these platforms suffered massive data breaches. The data first appeared for sale on the Dark Web and soon after was available online for free download.