Download for free 68 Million account details from Dropbox Data Breach

You don’t need to pay in order to receive the full dump from the DropBox data breach; a security researcher leaked it online.

In August, a data dump containing more than 68 Million account credentials for online cloud storage platform Dropbox was leaked online. Dropbox forced password resets for a number of accounts after discovering the data dump online linked to a 2012 breach.

“The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria. Specifically, we’re prompting the update for users who:

  • Signed up to use Dropbox before mid-2012, and
  • Have not changed their password since mid-2012”

stated the announcement published by DropBox, which confirmed that the data breach occurred in 2012:

“We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users,” said Patrick Heim, Head of Trust and Security for Dropbox. “We initiated this reset as a precautionary measure so that the old passwords from prior to mid-2012 can’t be used to improperly access Dropbox accounts. We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password.”

In September, a hacker with the moniker “DoubleFlag” was offering the DropBox data dump for sale on the notorious black market TheRealDeal for BTC 02.000 (roughly 1200 US dollars).
According to hackread.com, the dump includes 68,679,804 records containing users’ emails and encrypted passwords. 36,814,524 passwords are encrypted with Secure Hash Algorithm 1 (SHA-1), while around 32 million passwords are protected using the strong hashing function BCrypt.
The news of the day is that you don’t need to pay in order to receive the DropBox data dump, because the security researcher Thomas White, also known as The Cthulhu, has leaked the full archive online.

The researcher published a post titled “END OF AN ERA”:

“While I make no apologies for my politics or modus operandi, I do concede the model might need shaking up. I still serve as an effective deterrent to some of the companies who have dealt with me before as somebody who can’t be silenced by legal threats or by requesting law enforcement intimidates me, but my reach does, unfortunately, have limits, and would fall should my reputation take a hit. This ultimately has led me to explore additional options and find other ways to continue as a deterrent, but take it away from my personal brand and to also put more time into remediation efforts for the average PC user to not get pwned if possible,” explains TheCthulhu.

The expert leaked the full DropBox dump via both a magnet link and a torrent.

“The following dump was allegedly taken from Dropbox sometime in 2012 following a breach. More information is available here on the story.
I have assisted to keep this breach public for those who are struggling to find a reliable source for research.” 

Dropbox confirmed that its threat monitoring service hasn’t detected any suspicious activity related to the affected customers.

“Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.”

The Dropbox incident is only one of the numerous massive data breaches suffered by many IT firms, including Yahoo, LinkedIn, MySpace, and VK.com.

Pierluigi Paganini

(Security Affairs – DropBox Data Breach, data breach)
