The company needs a secure way to store passwords, but users also need to understand the importance of choosing unique, strong passwords. The hack highlights the need for tight security at both ends of the user experience. “Definitely still change your password if you’re in any doubt whatsoever and make sure you enable Dropbox’s two-step verification while you’re there if it’s not on already.” “The bcrypt hashing algorithm protecting them is very resilient to cracking and frankly, all but the worst possible password choices are going to remain secure even with the breach now out in the public,” said Hunt. Half of the stolen passwords in the database are still hashed with SHA1. It appears the company was in the middle of upgrading its password hashing from SHA1 to a more secure standard, bcrypt, when the theft took place. In 2012, Dropbox practiced good user data security by hashing the passwords rather than storing them in plaintext. The company had around 100 million customers at the time of the attack, meaning the data dump represents around two-thirds of its user base.

“You simply can’t fabricate this sort of thing.” “There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords,” Hunt said.
