Dropbox, the most high-profile independent cloud storage company, has reportedly suffered a cyber attack that resulted in the compromising of some 68 million accounts.
The attack was confirmed by venerable security researcher Troy Hunt, following press reports, who claimed that he and his wife were affected.
It comes less than a week after Dropbox sent emails to a number of users suggesting that they update their passwords which, the company said, hadn’t been updated for a number of years.
Motherboard was the first with the news but Hunt verified it by checking his own details against a database released by a ‘supporter’ of the Have I been pwned? website.
“Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked,” Hunt wrote in a blog post.
“Not just a little bit hacked and not in that ‘someone has cobbled together a list of credentials that work on Dropbox’ hacked either, but proper hacked to the tune of 68 million records.”
Dropbox said in a blog post last week that anyone with a password created five or more years ago should change it immediately.
“If you signed up for Dropbox prior to mid-2012 and haven’t changed your password since, you’ll be prompted to update it the next time you sign in,” the company said.
“We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We’re sorry for the inconvenience.