Security Cloud

Dropbox Is Urging Users To Reset Their Passwords (fortune.com) 30

Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach. "The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria," the company writes on its website. Fortune reports: The popular cloud storage said the move was related to the theft of an old set of Dropbox credentials, dating back to 2012. So the users the company has contacted are those who created Dropbox accounts before mid-2012 and have not updated their passwords since that time. Dropbox disclosed in July 2012 that some users were getting spammed, and the cause appeared to be the theft of usernames and passwords from other websites. As is often the case, some people reuse their usernames and passwords across different web services. (If it still needs saying, you really shouldn't reuse your passwords, ever.)

  • by Anonymous Coward

    "Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach. "

    "We proactively initiated this password update prompt"

    These two statements are in contradiction, and the speaker should learn the meaning of the word "proactive".

    • It may be that the data breach wasn't of their systems. Many people reuse passwords, as remembering 400 passwords is impossible for anyone. Personally I use LastPass instead, but not everyone realizes that is available.

      • by Anonymous Coward

        How are services like LastPass not just merely putting all your eggs into one basket?
        If they get compromised then your credentials for *every* site you stored there are now compromised and you have to go change all of them!

        • Well if they get compromised it shouldn't be a problem, as they don't store anything to do with your password. All decryption is done client-side.

          If your computer has a keylogger or you're tricked into entering your LastPass password into a fake login page or something, then yes, you've just opened up all your passwords in one go.
  • by Anonymous Coward

    N/T

  • This hit me yesterday after using Dropbox for the first time in a couple years. Just says "We noticed that you recently tried to log in to Dropbox with a password that you haven't changed in a while. Your old password expired and you'll need to create a new one to log in." No mention of any sort of breach or compromise.

    • They found more account details in the wild from a 2012 breach. In 2012 they got hit and required some users to reset (no idea if they actually notified anyone). Now they're requiring more people hit in the 2012 breach to reset. I logged into Dropbox.com and was required to reset. I received no notification from Dropbox about it.

      If they're not notifying people then it's a disaster - no one logs into Dropbox.com. They install it on their PCs / phones and never go to the site.

      • If they're not notifying people then it's a disaster

        What's a disaster is not revoking login tokens for PCs/phones if there's any chance any of those could have been unauthorized.

      • Hell, I don't even remember what my Dropbox pw is! I do everything on my PC and it never asks for a password unless I install it on a new device.

  • There will be a simple single word that explains: "We got hacked, please change your password until next time we get hacked."

    Any suggestions?
  • by martiniturbide ( 1203660 ) on Friday August 26, 2016 @12:45PM (#52776133) Homepage Journal
    ...I read Dosbox urges you to change your password... WHERE???!!!
  • Reusing passwords (Score:3, Insightful)

    by Anonymous Coward on Friday August 26, 2016 @12:50PM (#52776197)

    (If it still needs saying, you really shouldn't reuse your passwords, ever.)

    Yeah, that's great. Too bad practically every website and service on the planet now wants you to create an account to do anything remotely useful on the site, people will reuse passwords. Yeah, password managers are a thing (mine is pushing 200 sets of credentials), but average Joes don't know what they are, wouldn't know where to get one, and even if they did, wouldn't know how to install them. And even if they did manage to find, download, and install one, their database would be wiped out as soon as they got Cryptolocker or their hard drive failed because their computer has been sitting on shag carpeting for ten years and the case is practically welded shut from all the accreted gunk (they don't have backups because outside of tech geeks and sysadmins, practically nobody backs up anything ever, except maybe their car).

    • There are a number of services that are becoming available through a "passwordless" approach (either through email or sms authentication). I wish it could get mainstream because currently, the hardest part is explaining properly to users how to use the system. I wrote a post on this: https://biogeniq.ca/en/article... [biogeniq.ca]
  • by davide marney ( 231845 ) on Friday August 26, 2016 @12:59PM (#52776263) Journal

    So I was able to create my very long, secure, easy to remember password. Yay.
