During the month of August, Motherboard, a prominent online magazine, reported that more than 60 million account details were stolen from the cloud storage provider Dropbox. Now approx. 68 million Dropbox accounts are available for anyone to download. (Exact number as published by IBTimes: 68,680,741 accounts.)
During the month of September, data brokers were selling the dump for $1200 on the dark web, and there is no evidence of how many people bought it.
Analysis of the dump further shows that approx. 32 million Dropbox passwords were secured with the strong hashing function bcrypt, which means these passwords will be harder for most hackers to crack. The remaining passwords were hashed with SHA1, with a salt. (A salt is a random string added to the password before hashing to further strengthen the stored hash.) However, the dump doesn't include the salt, which makes it harder for any hacker to break the hashes and recover the real passwords.
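To make the difference between the two storage schemes concrete, here is an added example (not part of the original article or of Dropbox's code). It assumes PBKDF2 from the Python standard library as a stand-in for bcrypt, an illustrative work factor, and a constructed password and salts.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 100_000  # assumed work factor, chosen only for this illustration

def salted_sha1(password: str, salt: bytes) -> bytes:
    """Legacy scheme: a single fast SHA-1 over salt || password."""
    return hashlib.sha1(salt + password.encode()).digest()

def slow_hash(password: str, salt: bytes) -> bytes:
    """Deliberately slow hash; PBKDF2 stands in for bcrypt here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def verify(password: str, salt: bytes, stored: bytes, scheme) -> bool:
    """Recompute the hash with the given salt and compare in constant time."""
    return hmac.compare_digest(scheme(password, salt), stored)

def seconds_per_hash(scheme, repeats: int) -> float:
    """Average wall-clock cost of one hash computation."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(repeats):
        scheme("constructed-sample-password", salt)
    return (time.perf_counter() - start) / repeats

def demo() -> dict:
    password = "constructed-sample-password"  # constructed, not from any dump
    salt, other_salt = os.urandom(16), os.urandom(16)
    stored = salted_sha1(password, salt)
    return {
        # The same password hashed under two salts gives unrelated digests.
        "salt_changes_digest": stored != salted_sha1(password, other_salt),
        # The service, which holds the salt, can check a login attempt.
        "verifies_with_salt": verify(password, salt, stored, salted_sha1),
        # Without the right salt, even the correct password does not match.
        "verifies_with_wrong_salt": verify(password, other_salt, stored, salted_sha1),
        # How many times more expensive one slow hash is than one SHA-1.
        "cost_ratio": seconds_per_hash(slow_hash, 3) / seconds_per_hash(salted_sha1, 2000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cost ratio is the reason a slow hash such as bcrypt is preferred for password storage: every verification, legitimate or not, pays that price.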
Earlier this week, on Monday, Thomas White (Cthulhu) made the full data dump available on his website, saying this will help researchers examine the breach.
“I have assisted to keep this breach public for those who are struggling to find a reliable source for research,” Thomas White writes on his website.
Dropbox, which had denied this hack in the past, has since found evidence of a breach of this magnitude. Last month, 5GB of dump files were analyzed by Motherboard and found to be genuine, after Dropbox confirmed those accounts. As a mitigation step, Dropbox forced its users to change their passwords, but the exact number of affected users was never released by the company.
“Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time,” – as mentioned by Dropbox earlier.
Dropbox has offered two-factor authentication since 2014, and any user using this security mechanism has a better chance of protecting their data. Anyone who is still using the same password since 2012, or who has been sharing the password across multiple portals, should change it now to keep the account secure.