The cloud-based company Dropbox suffered a massive breach four years ago that has come to light only now. Nearly 70 million accounts have been compromised, and the worst thing is that they are now available on the internet. Dropbox has emailed all its users requesting them to change their passwords. If you have received one of these emails, you should change your password immediately.
The passwords being circulated online have been hashed, which means that they are scrambled and cannot be used to log in directly; a person could use one to access an account only by recovering the original password, for example through smart guesswork. According to the statement released by Dropbox, no accounts have been improperly accessed, and the password reset has covered all affected accounts.
Hashing is a very smart technique: a one-way process that has been likened to squeezing toothpaste from a tube. Just as toothpaste can't be put back into the tube, hashed passwords can't be converted back into the originals. It is therefore very unlikely that a malicious actor will be able to reverse these hashed passwords. In theory, however, smart guesswork might succeed. Basically, hashing is a mathematical function that turns a string of characters into a jumbled sequence, and even a small change in the input produces a big change in the output. A smart hacker could use free tools like Hashcat to convert commonly used passwords into hashes. If these hashes match the leaked hashed passwords from Dropbox, he would know the sequence of characters used to produce them and would thus have cracked the original passwords. You don't need to panic, as Dropbox's two-factor authentication will still not allow the hacker to access your account.
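To make the two properties above concrete, here is an added example (not from the original article or from Dropbox) showing that a one-character change flips roughly half of the output bits, and that only accounts using a commonly used password can be matched from their hashes. It assumes unsalted SHA-256 purely for illustration, since the article does not say which hash function Dropbox used; the accounts, passwords and word list are constructed sample data.

```python
import hashlib

# Constructed sample: a tiny stand-in for a list of commonly used passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "iloveyou"]


def digest(password: str) -> str:
    """One-way step: password in, fixed-length hex digest out."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def differing_bits(a: str, b: str) -> int:
    """Number of the 256 output bits that differ between two inputs' hashes."""
    return bin(int(digest(a), 16) ^ int(digest(b), 16)).count("1")


def accounts_at_risk(leaked: dict, wordlist: list) -> list:
    """Accounts whose leaked hash equals the hash of a common password."""
    known = {digest(word) for word in wordlist}
    return sorted(user for user, h in leaked.items() if h in known)


# Constructed "leak": only hashes are stored, never the passwords themselves.
LEAKED = {
    "alice@example.com": digest("password"),
    "bob@example.com": digest("T7#vq!Lm2x@Zp9-kd"),
    "carol@example.com": digest("qwerty"),
}

if __name__ == "__main__":
    print(digest("password1"))
    print(digest("password2"))
    print("bits changed:", differing_bits("password1", "password2"))
    print("needs a new password:", accounts_at_risk(LEAKED, COMMON_PASSWORDS))
```

The account with the long, uncommon password is not flagged, because its hash matches nothing in the word list and the hash itself cannot be run backwards.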
If you want to know whether your account has also been compromised, visit Have I Been Pwned and enter your email address. The search checks your email address against the leaked Dropbox database and tells you whether your account has been compromised. It's safe to enter your email address, as the site is run by Troy Hunt, a Microsoft security executive. Hunt is the one who analyzed the Dropbox password cache and confirmed that the passwords are authentic.