Linkedin Corp. Class A (NYSE:LNKD)
Historical Stock Chart

From May 2019 to May 2024

Dropbox Inc. is forcing some users to reset passwords after discovering that 68 million usernames and passwords were stolen from the online-storage site during a 2012 hack.

The company began resetting user passwords last week after learning people outside the company had obtained files containing the credentials, a company spokeswoman said. All users who haven't reset their passwords since mid-2012 are being required to reset their passwords.

Dropbox had previously disclosed that it had been compromised in 2012, but the company underestimated the impact of the incident. On Wednesday, the company said it was unaware of the full extent of the hack until the files surfaced.

The stolen passwords were obscured via a cryptographic technique that makes them difficult to decipher, but simple passwords could be at risk from password cracking software.

Users' email addresses are linked to the passwords, so hackers could test the passwords on other services. This is a common technique that has kept security experts at internet companies busy this year protecting their password-reusing customers.

"If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services," the company said in a Wednesday blog post.

On its blog, Dropbox said it had "no indication that Dropbox user accounts have been improperly accessed," following the incident.

The Dropbox database was obtained on Tuesday by the online publication Motherboard.

The incident echoes a similar breach at LinkedIn Corp., which in 2012 was hacked and it also underestimated the extent of its breach. Earlier this year, hackers began selling access to a database of more than 100 million LinkedIn credentials and the company was forced to reset passwords that had been compromised four years earlier.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

August 31, 2016 21:25 ET (01:25 GMT)