Dropbox Is Urging Users To Reset Their Passwords (fortune.com)
Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach. "The next time you visit dropbox.com, you may be asked to create a new password. We proactively initiated this password update prompt for Dropbox users who meet certain criteria," the company writes on its website. Fortune reports: The popular cloud storage said the move was related to the theft of an old set of Dropbox credentials, dating back to 2012. So the users the company has contacted are those who created Dropbox accounts before mid-2012 and have not updated their passwords since that time. Dropbox disclosed in July 2012 that some users were getting spammed, and the cause appeared to be the theft of usernames and passwords from other websites. As is often the case, some people reuse their usernames and passwords across different web services. (If it still needs saying, you really shouldn't reuse your passwords, ever.)
Contradiction (Score:1)
"Dropbox is forcing a number of users to change their passwords after the cloud storage company found some account details linked to an old data breach."
"We proactively initiated this password update prompt"
These two statements are in contradiction, and the speaker should learn the meaning of the word "proactive".
Re: (Score:1)
It may be that the data breach wasn't of their systems. Many people reuse passwords, as remembering 400 passwords is impossible for anyone. Personally I use LastPass instead, but not everyone realizes that is available.
Re: (Score:1)
How are services like LastPass not just merely putting all your eggs into one basket?
If they get compromised then your credentials for *every* site you stored there are now compromised and you have to go change all of them!
Re: (Score:2)
If your computer has a keylogger or you're tricked into entering your LastPass password into a fake login page or something, then yes, you've just opened up all your passwords in one go.
Mark Zuckerberg is a Cylon (Score:1)
N/T
Your password is old. (Score:2)
This hit me yesterday after using Dropbox for the first time in a couple years. Just says "We noticed that you recently tried to log in to Dropbox with a password that you haven't changed in a while. Your old password expired and you'll need to create a new one to log in." No mention of any sort of breach or compromise.
Re: (Score:3)
They found more account details in the wild from a 2012 breach. In 2012 they got hit and required some users to reset (no idea if they actually notified anyone). Now they're requiring more people hit in the 2012 breach to reset. I logged into Dropbox.com and was required to reset. I received no notification from Dropbox about it.
If they're not notifying people then it's a disaster - no one logs into Dropbox.com. They install it on their PCs / phones and never go to the site.
Re: (Score:2)
If they're not notifying people then it's a disaster
What's a disaster is not revoking login tokens for PCs/phones if there's any chance any of those could have been unauthorized.
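The point made in the comment above (a forced password reset should also invalidate login tokens already held by PCs and phones), sketched as an added example that is not part of the thread and not Dropbox's code. The `Account` class, the function names and the exact cutoff date standing in for "mid-2012" are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import secrets

# Assumed cutoff standing in for the summary's "mid-2012"; the real date is not on the page.
CUTOFF = datetime(2012, 7, 1, tzinfo=timezone.utc)

@dataclass
class Account:
    user: str
    password_changed_at: datetime
    must_reset: bool = False
    tokens: dict = field(default_factory=dict)  # device token -> issued_at

    def issue_token(self, now):
        """Issue a long-lived device token, as a desktop or phone client would hold."""
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = now
        return tok

    def token_valid(self, tok):
        """Accept a token only if the account is not flagged and the token
        was issued no earlier than the current password was set."""
        issued = self.tokens.get(tok)
        if issued is None or self.must_reset:
            return False
        return issued >= self.password_changed_at

def flag_stale(accounts, cutoff=CUTOFF):
    """Flag accounts whose password predates the cutoff; return their names.
    Flagging alone already stops existing device tokens from being honoured."""
    flagged = []
    for acct in accounts:
        if acct.password_changed_at < cutoff:
            acct.must_reset = True
            flagged.append(acct.user)
    return flagged

def complete_reset(acct, now):
    """Finish a password reset: drop every previously issued device token,
    record the change time, and clear the flag. Returns tokens revoked."""
    revoked = len(acct.tokens)
    acct.tokens.clear()
    acct.password_changed_at = now
    acct.must_reset = False
    return revoked
```

With this policy, a client that never visits the website still notices the reset, because its stored token stops working and it has to sign in again.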
Re: (Score:1)
Re: (Score:2)
Hell, I don't even remember what my Dropbox pw is! I do everything on my PC and it never asks for a password unless I install it on a new device.
Coming soon... (Score:2)
Any suggestions?
For a little moment I freaked out... (Score:4, Funny)
Reusing passwords (Score:3, Insightful)
(If it still needs saying, you really shouldn't reuse your passwords, ever.)
Yeah, that's great. Too bad practically every website and service on the planet now wants you to create an account to do anything remotely useful on the site; people will reuse passwords. Yeah, password managers are a thing (mine is pushing 200 sets of credentials), but average Joes don't know what they are, wouldn't know where to get one, and even if they did, wouldn't know how to install them. And even if they did manage to find, download, and install one, their database would be wiped out as soon as they got Cryptolocker or their hard drive failed because their computer has been sitting on shag carpeting for ten years and the case is practically welded shut from all the accreted gunk (they don't have backups because outside of tech geeks and sysadmins, practically nobody backs up anything ever, except maybe their car).
Re: (Score:1)
and they don't have any stupid complexity requirem (Score:4, Interesting)
So I was able to create my very long, secure, easy to remember password. Yay.
Re: (Score:2)
In fact, Dropbox wrote and open-sourced a very nice password complexity tool [github.com], specifically encouraging smarter password complexity. No banned characters, no stupid requirements, just a relatively intelligent entropy estimator.