Data stolen in Dropbox's 2012 breach, containing details of around two-thirds of cloud firm's customers as well as 68 million encrypted passwords has been leaked online.

Dropbox's 2012 Data Breach

According to a report published by Motherboard, hackers have been able to steal more than 68 million login and password pairs for Dropbox accounts. The security notification service Leakbase was the one that found out first about the stolen data.

Both independent researcher Troy Hunt and Dropbox have confirmed that the leaked data comes from a breach in 2012 of Dropbox's database. While verifying the data, Hunt has even discovered both his account and his wife's account details. The researcher said that the data breach certainly contains legitimate Dropbox passwords, because would not be possible to simply "fabricate this sort of thing."

The attack that allowed hackers to steal over 68 million user email addresses and passwords now dumped online took place during the year 2012. Dropbox reported at the time on the company's blog that hackers have stolen a collection of user's email addresses. The stealing of passwords had not been reported.

According to The Verge, the passwords associated with Dropbox accounts are encrypted through a variety of algorithms. However, security experts advise users of the Dropbox cloud storage service to implement two-factor authentication as well as to change their passwords.

The scope and depth of that breach seems more serious than previously thought. According to The Guardian, one of the issues highlighted by the Dropbox data breach is the password reuse. In order to deal with this problem, last week Dropbox sent out notifications to all users who had not changed their passwords since 2012.

At the time of the 2012 data breach, the company had around 100 million customers and its passwords were encrypted. However, the original Dropbox breach is thought to be the result of stealing the password of a Dropbox employee, allowing the hackers to enter Dropbox's corporate network.