You don’t need to pay to obtain the full dump from the Dropbox data breach: a security researcher has leaked it online.
“The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria. Specifically, we’re prompting the update for users who:
- Signed up to use Dropbox before mid-2012, and
- Have not changed their password since mid-2012”
stated the announcement published by Dropbox, which confirmed that the data breach occurred in 2012:
“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”
The researcher published a post titled “END OF AN ERA”:
“While I make no apologies for my politics or modus operandi, I do concede the model might need shaking up. I still serve as an effective deterrent to some of the companies who have dealt with me before as somebody who can’t be silenced by legal threats or by requesting law enforcement intimidate me, but my reach does, unfortunately, have limits, and would fall should my reputation take a hit. This ultimately has led me to explore additional options and find other ways to continue as a deterrent, but take it away from my personal brand and to also put more time into remediation efforts for the average PC user to not get pwned if possible.” explains TheCthulhu.
“The following dump was allegedly taken from Dropbox sometime in 2012 following a breach. More information is available here on the story.
I have assisted to keep this breach public for those who are struggling to find a reliable source for research.”
Dropbox confirmed that its threat monitoring service hasn’t detected any suspicious activity related to the affected customers.
“Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.”