Last week Dropbox began asking users who used its application before 2012 to change their passwords. It was a preventive measure which, as the company indicated at the time, had nothing to do with credentials having been stolen or with any unauthorized access.
Now, five days after that statement, and as reported by the specialist publication Motherboard, the application has been hacked again, in an incident that has leaked the personal data of more than 68 million users of the platform. But how exactly did it happen?
It appears that these accounts were compromised as a result of a failure that occurred precisely in 2012, one which, according to the cited publication, has hit 68,680,741 users. A not inconsiderable figure that has set off every alarm.
Of the 60 million user passwords, around 32 million are safe thanks to the bcrypt hashing function. However, the remaining 36 million have a SHA1 hash, which is not as secure, although Dropbox added additional encryption. According to Motherboard, the passwords in this set do not appear to be vulnerable.
TechCrunch, for its part, says that the hackers accessed the Dropbox corporate network using the password of one of the company's employees. It is, incidentally, the same encryption that the recently compromised LinkedIn used.
Moreover, this leak is not the only one of its kind: back in 2014 the platform revealed that the access data of up to 7 million people could have been compromised. Although the case was initially attributed to a hack of the platform, Dropbox eventually explained it, stating that the published accounts had been obtained through a third-party service.
That same year, moreover, Snowden himself went so far as to state that, by using it, we would be jeopardizing our privacy. “It is a partner of PRISM, which makes it a very hostile place for privacy,” he said then. The company was quick to defend itself against these accusations (insisting that it had no commitment to PRISM), but they have stuck in the memory of many.
In 2012 we also saw another flagrant case involving the cloud storage company: a security breach led to users receiving spam at the accounts they used for the service. Some customers of the company initially reported this spam in a community forum thread and announced it loudly on social networks.