Millions of Dropbox accounts were hacked in 2012, but the confirmation that such an enormous data breach occurred has only surfaced recently. So while the hack is already 4 years old, Dropbox still grabbed the opportunity to address the issue and reassure its users that affected emails were never put at risk.
Apple Insider has learned via a Motherboard report that the 2012 Dropbox hack affected a total of 68,680,741 accounts that include email addresses and salted passwords. Following the appearance of this report, a Dropbox employee has come forward to confirm the number of affected accounts.
The confirmation comes days after Dropbox disclosed on its blog that it is enforcing a password reset for users who created their accounts on the online service before mid-2012 to ensure that their files are safe. In the post, Dropbox explained that the enforced password reset would notify affected users that they need to change their password when they try to access their accounts.
Dropbox’s Head of Trust and Security Patrick Heim also clarified in the post that in their ongoing effort to contain the problem, they found out that the hack may have been due to a 2012 incident that involved the data breach of an old set of Dropbox user credentials.
To shed light on the 2012 incident, TechCrunch retrieved an old blog post from the company stating that an employee Dropbox account, which contained a project document with an undisclosed number of user email addresses, was inappropriately accessed. The dated post also went on to state that because of this incident, some Dropbox users received spam.
TechCrunch pointed out that while Dropbox disclosed that the project document contained user email addresses, the company failed to inform users that encrypted passwords were also stolen at the time, as confirmed by an unnamed Dropbox insider. The tech site also noted in its report that the amount of time it took for the huge data breach to be confirmed is strange.
Nevertheless, in Dropbox’s latest blog post, Heim insisted that they do not “believe that any accounts have been improperly accessed” because of the way they monitor threats and secure passwords. Despite this bold statement, however, Heim said that users should still take precautions.
In the wake of this revelation about the 2012 Dropbox hack, Australian web security expert Troy Hunt took to his own site to also confirm that the massive data breach is real. He also emphasized in his post the benefit of using password managers like 1Password and Dropbox’s two-step verification in securing the safety of Dropbox accounts.
Users who want to know if their Dropbox account was affected by the hack can head to Have I been pwned (HIBP) and do a quick search to find out.