
Download for free 68 Million account details from Dropbox Data Breach

You don’t need to pay in order to receive the full dump from the Dropbox data breach: a security researcher has leaked it online.

In August, a data dump containing more than 68 Million account credentials for online cloud storage platform Dropbox was leaked online. Dropbox forced password resets for a number of accounts after discovering the data dump online linked to a 2012 breach.

“The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria. Specifically, we’re prompting the update for users who:

  • Signed up to use Dropbox before mid-2012, and
  • Have not changed their password since mid-2012”

states the announcement published by Dropbox, which confirmed that the data breach occurred in 2012:

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

In September, a hacker with the moniker “DoubleFlag” was offering the Dropbox data dump for sale on the notorious black market TheRealDeal for BTC 02.000 (roughly 1200 US Dollars).

According to hackread.com, the dump includes 68,679,804 records containing users’ emails and hashed passwords. 36,814,524 passwords are hashed with Secure Hash Algorithm 1 (SHA-1), while around 32 Million passwords are protected using the strong hashing function BCrypt.

The news of the day is that you don’t need to pay in order to receive the Dropbox data dump, because the security researcher Thomas White, also known as The Cthulhu, has leaked the full archive online.

The researcher published a post titled “END OF AN ERA”:

“While I make no apologies for my politics or modus operandi, I do concede the model might need shaking up. I still serve as an effective deterrent to some of the companies who have dealt with me before as somebody who can’t be silenced by legal threats or by requesting law enforcement intimidates me, but my reach does, unfortunately, have limits, and would fall should my reputation take a hit. This ultimately has led me to explore additional options and find other ways to continue as a deterrent, but take it away from my personal brand and to also put more time into remediation efforts for the average PC user to not get pwned if possible.” explains The Cthulhu.

The expert leaked the full Dropbox dump via both magnet link and torrent.

“The following dump was allegedly taken from Dropbox sometime in 2012 following a breach. More information is available here on the story.
I have assisted to keep this breach public for those who are struggling to find a reliable source for research.” 

Dropbox confirmed that its threat monitoring service hasn’t detected any suspicious activity related to the affected customers.

“Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.”

The Dropbox incident is only one of the numerous massive data breaches suffered by many IT firms, including Yahoo, LinkedIn, MySpace, and VK.com.

Pierluigi Paganini

(Security Affairs –DropBox Data Breach, data breach)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
