Data stolen four years ago at cloud storage service Dropbox, containing encrypted passwords and details of more than 68 million user accounts have reportedly been leaked.
Following the attack which took place in 2012 Dropbox blog posted a report of a collection of user's email addresses been stolen. However, the cloud storage service provider did not report that passwords had also been stolen as well.
On Tuesday, tech website Motherboard made a report of to have obtained the files containing the account details from sources in the database trading community and breach notification service Leakbase. The website said those files contained Dropbox user's email addresses and "hashed" passwords, which use an algorithm to protect the passwords.
Troy Hunt, an independent security researcher and operator of the Have I been pwned? Data leak database verified the data discovering both his account details and that of his wife.
The security research said that there was no doubt whatsoever that the stolen data contains legitimate Dropbox passwords and it was not possible to fabricate such sort of thing.
Just blogged: The Dropbox hack is real https://t.co/v4Lmg3NSza
— Troy Hunt (@troyhunt) August 31, 2016
According to Motherboard, it was not previously know how many users were affected by the 2012 hack, which says that the Dropbox data leak does not appear to be posted on the dark web. A Dropbox senior staff told Motherboard that the data is legitimate.
Users who had not changed their passwords since 2012 were sent out notifications by Dropbox last week. The company had about 100m customers at the time, meaning the data dump is a representation of over two-thirds of its user accounts.
Dropbox's head of trust and security, Patrick Heim said that there the breach is not a new security incident, and there is no indication that Dropbox user accounts have been improperly accessed. In a statement emailed to FoxNews.com, Heim added that their analysis confirms that the credentials were user email addresses with hashed and salted passwords that were accessed prior to mid-2012.
"We can confirm that the scope of the password reset we completed last week did protect all impacted users," he said adding that even if the passwords were cracked, the passwords reset mean they cannot be used to access Dropbox accounts.
The Dropbox dump is just the latest in a string of high-profile data breaches and it highlights the need for tight security, both at the end user and for the companies storing user data. Earlier this year, a hacker was reportedly looking to sell 117 million passwords from a 2012 LinkedIn breach on the dark web.
Even with solid encryption practices for securing users' passwords, Dropbox fell afoul of password reuse and entry into its company network.
Watch a video of the Dropbox data breach here: