Dropbox is doubling down on security protocol. The cloud storage company is instructing long-time users to reset their passwords. The company says not hack breach has happened, this is just a precaution.
The advice is only for users who have not changed their passwords since 2012. Considering that was four years ago, it is solid advice. Dropbox used a blog post to say it is starting to send notifications to users to update their security credentials. The company explains its reasons for the password prompt in its post:
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.”
While there has been no leak this time, this action is tied to a previous leak that hit the company. Back in 2012, usernames and passwords for many users were leaked online. Those credentials were used to try and access accounts. Dropbox said at the time that the attack had failed, but it was a wake-up call for the company.
Since then the company has been a number of huge leaks that have befallen other companies. The infamous iCloud scandal that rocked Apple was too close to home for Dropbox. Like iCloud, the company specializes in cloud-based storage. If it happened to Apple, it could happen to Dropbox. The massive breach of LinkedIn also showed that giant companies are vulnerable to attacks.
The company advises that users choose a strong new password. There is a strength meter to assess if a password is strong enough:
“If prompted, all you need to do is choose a new and strong password. We provide a password strength meter to help you. If you don't receive a prompt, you don't need to do anything. However, for any of you who've used your Dropbox password on other sites, we recommend you change it on Dropbox and other services. We also recommend that you enable two-step verification.”