Dropbox is calling out to users who signed up to the service before the middle of 2012 to change their passwords if they haven't done so already. The company says this move is based on a preventive measure, and not because of any form of security threat.
According to the cloud hosting company, its security team managed to come across old Dropbox user credentials with salted passwords that were likely obtained by hackers back in 2012. Because of this, folks who created their accounts during the middle of that year should make changes ASAP.
Dropbox's investigation back in 2012 found out that usernames and passwords obtained by hackers via other websites were being used to sign in to the service. The company claimed it contacted the affected users in hopes of helping them secure their accounts.
Four years later, several of those users still have not changed their passwords. Chances are many of these affected users are no longer using Dropbox, or are not regular users to begin with.
Whatever the case, this is a serious matter that needs to be dealt with before hackers get wind of what is happening.
The year 2012 was a particularly terrible one for businesses that rely a lot on the web. Several websites at the time were hacked, LinkedIn being the most notable. Almost all user accounts on LinkedIn were compromised back in 2012.
How will Dropbox make sure users change their passwords?
Quite simple, really. Those who have yet to change will be prompted to do so the next time they log in. They will be asked to create a stronger password before moving forward. These users will see a meter that should alert them if the password they're entering is strong or not.
This isn't new to Dropbox, but we're glad the company has taken notice of what others have been doing over the years, and is now implementing it in its own service.
"If you don't receive a prompt, you don't need to do anything. However, for any of you who've used your Dropbox password on other sites, we recommend you change it on Dropbox and other services," said Patrick Heim, head of trust and security at Dropbox, in a blog post on Thursday, Aug. 25.
For stronger security, Dropbox is recommending that its users take advantage of two-factor authentication. It's more secure than just relying on your password alone, so everyone should use it, no matter which website they are using.
PC World has reported that a number of users on Twitter have posted images of emails received from Dropbox to change their passwords.