Dropbox customers, change your passwords now - especially if you joined in 2012. Last week the company sent out an urgent announcement that a massive 68 million passwords have been hashed and salted, although there has been no evidence that they've actually been used.
It took the company four years to discover the breach, which occurred mid-2012. The company has prompted users to change their passwords next time they log on, and even those who haven't been affected should change their passwords anyway.
Dropbox says that its security teams are constantly monitoring security threats, and this monitoring alerted them to the 2012 breach.
Symantec said in its blog that users should see it as insurance - users need protection in place just in case something happens.
Symantec recommends that users take the following steps:
- Don't use the same password across different websites, as any passwords affected by breaches can be used by cybercriminals across other websites. Use different passwords unique to each website.
- Use two-step verification, such as a password and phone verification. This further protects you if you use weak or vulnerable passwords.
- Consider using password managers to keep track of your unique passwords
- If you believe you have been affected, the website https://haveibeenpwned.com/ will give you an idea if your username or email has been breached.