Download for free 68 Million account details from Dropbox Data Breach

Pierluigi Paganini October 04, 2016

You don’t need to pay to obtain the full dump from the Dropbox data breach: a security researcher has leaked it online.

In August, a data dump containing more than 68 Million account credentials for online cloud storage platform Dropbox was leaked online. Dropbox forced password resets for a number of accounts after discovering the data dump online linked to a 2012 breach.

“The next time you visit, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria. Specifically, we’re prompting the update for users who:

  • Signed up to use Dropbox before mid-2012, and
  • Have not changed their password since mid-2012”

stated the announcement published by Dropbox, which confirmed that the data breach occurred in 2012:

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

In September, a hacker with the moniker “DoubleFlag” was offering the Dropbox data dump for sale on the notorious black market TheRealDeal for BTC 02.000 (roughly 1200 US dollars).
According to, the dump includes 68,679,804 records containing users’ emails and hashed passwords. 36,814,524 passwords are hashed with Secure Hash Algorithm 1 (SHA-1), while around 32 Million passwords are protected using the strong hashing function BCrypt.
The news of the day is that you don’t need to pay to obtain the Dropbox data dump, because the security researcher Thomas White, also known as The Cthulhu, has leaked the full archive online.

The researcher published a post titled “END OF AN ERA”.

“While I make no apologies for my politics or modus operandi, I do concede the model might need shaking up. I still serve as an effective deterrent to some of the companies who have dealt with me before as somebody who can’t be silenced by legal threats or by requesting law enforcement intimidates me, but my reach does, unfortunately, have limits, and would fall should my reputation take a hit. This ultimately has led me to explore additional options and find other ways to continue as a deterrent, but take it away from my personal brand and to also put more time into remediation efforts for the average PC user to not get pwned if possible.” explains TheCthulhu.

The expert leaked the full Dropbox dump via both magnet link and torrent.

“The following dump was allegedly taken from Dropbox sometime in 2012 following a breach. More information is available here on the story.
I have assisted to keep this breach public for those who are struggling to find a reliable source for research.” 

Dropbox confirmed that its threat monitoring service hasn’t detected any suspicious activity related to the affected customers.

“Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.”

The Dropbox incident is only one of the numerous massive data breaches suffered by many IT firms including Yahoo, LinkedIn, MySpace, and


Pierluigi Paganini

(Security Affairs – Dropbox Data Breach, data breach)
