Header Ads

Anyone can now download the leaked database of 68,680,741 Dropbox accounts for Free!

In August, Motherboard reported that hackers had stolen over 60 million account details for online storage platform Dropbox. The details were from a previously disclosed breach, but the true scale of the hack had not been previously revealed. 

Motherboard recently discovered that a researcher has just uploaded the full dump of hacked Dropbox database online.

Thomas White, known online as The Cthulhu, uploaded Monday the full Dropbox data dump onto his website in a move, as he claims, to help security researchers examine the data breach.

So, anyone can now download the leaked database of 68,680,741 Dropbox accounts, containing email addresses and hashed passwords, totally for FREE.

"The ... dump was allegedly taken from Dropbox sometime in 2012 following a breach," White writes on his website. "I have assisted [in keeping] this breach public for those who are struggling to find a reliable source for research."

White is the same person who previously dumped accounts from massive data breaches in large enterprises, including extramarital affairs site Ashley Madison, social networking site Myspace, and more.

The good news is that out of 68 Million, around 32 Million passwords are secured using strong hashing function BCrypt, which makes it difficult for hackers to obtain many of users' actual passwords.
The rest of the account passwords are hashed with the SHA-1 hashing algorithm and also believed to have used a Salt – a random string added to the hashing process to further strengthen passwords to make it harder for hackers to crack them.

Moreover, the company previously ensured its affected customers that there is no evidence of any malicious access of their accounts, saying "Based on our threat monitoring and the way we secure passwords, we do not believe that any accounts have been improperly accessed."

Dropbox is one of many "Mega-Breaches" revealed this summer, when hundreds of millions of account credentials from years-old data breaches on famous social network sites, including LinkedIn, MySpace, VK.com and Tumblr, were exposed online. 

In September, a data dealer was selling the Dropbox dump on the dark web for around $1200.

Dropbox is requiring its users to reset their passwords if they have remained unchanged.

source: Montherboard

No comments

blogmytuts. Powered by Blogger.