Over a month ago, The Hacker News reported on the Dropbox hack, in which hackers had managed to steal more than 68 million Dropbox accounts in a data breach that the online cloud storage platform initially disclosed in 2012.
Although the initial announcement failed to reveal the true scale of the data breach, in late August the breach notification service LeakBase obtained files containing details on over 68 million accounts, which contain email addresses and hashed passwords for Dropbox users.
Last month, a hacker was selling this Dropbox data dump on a Dark Web marketplace known as TheRealDeal for around $1200.
However, Motherboard recently discovered that a researcher has just uploaded the full dump of the hacked Dropbox database online.
Download Dropbox Data Dump Here:
Thomas White, known online as The Cthulhu, on Monday uploaded the full Dropbox data dump to his website in a move that, he claims, is meant to help security researchers examine the data breach.
So, anyone can now download the leaked database of 68,680,741 Dropbox accounts, containing email addresses and hashed passwords, totally for FREE.
"The ... dump was allegedly taken from Dropbox sometime in 2012 following a breach," White writes on his website. "I have assisted [in keeping] this breach public for those who are struggling to find a reliable source for research."
White is the same person who previously dumped accounts from massive data breaches at large enterprises, including extramarital affairs site Ashley Madison, social networking site Myspace, and more.
The good news is that out of the 68 million, around 32 million passwords are secured using the strong hashing function bcrypt, which makes it difficult for hackers to obtain many of the users' actual passwords.
The rest of the account passwords are hashed with the SHA-1 hashing algorithm and are also believed to have used a salt – a random string added to the hashing process to make the passwords harder for hackers to crack.
Moreover, the company previously assured its affected customers that there is no evidence of any malicious access to their accounts, saying "Based on our threat monitoring and the way we secure passwords, we do not believe that any accounts have been improperly accessed."
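The difference between the two schemes can be seen in the following added example, which is not from the original article or from Dropbox. PBKDF2 from Python's standard library stands in for bcrypt as the deliberately slow hash, and the salt placement, iteration count and sample password are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor, chosen for this demo only

def salted_sha1(password: str, salt: bytes) -> bytes:
    # Fast scheme: a single SHA-1 pass over salt + password.
    # Prepending the salt is an assumption; the article does not say how it was combined.
    return hashlib.sha1(salt + password.encode()).digest()

def slow_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt: PBKDF2-HMAC-SHA256 repeats the hash ITERATIONS times.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

SCHEMES = {"sha1": salted_sha1, "slow": slow_hash}

def make_record(password: str, scheme: str) -> dict:
    # A fresh random salt per account, stored next to the hash.
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": SCHEMES[scheme](password, salt)}

def verify(password: str, record: dict) -> bool:
    # Recompute with the stored salt and compare in constant time.
    candidate = SCHEMES[record["scheme"]](password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def seconds_per_check(record: dict, rounds: int) -> float:
    # Average cost of one verification, which is also the cost of one offline guess.
    start = time.perf_counter()
    for _ in range(rounds):
        verify("not-the-password", record)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    a, b = make_record(pw, "sha1"), make_record(pw, "sha1")
    print("same password, same hash?", a["hash"] == b["hash"])
    slow = make_record(pw, "slow")
    print("verify ok:", verify(pw, a), verify(pw, slow))
    fast_t, slow_t = seconds_per_check(a, 2000), seconds_per_check(slow, 3)
    print(f"salted SHA-1: {fast_t:.2e} s/check, slow hash: {slow_t:.2e} s/check")
```

The salt only stops identical passwords from sharing a hash; the per-check cost is what the iteration count (or bcrypt's cost parameter) controls.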
Dropbox is one of many "Mega-Breaches" revealed this summer, when hundreds of millions of account credentials from years-old data breaches on famous social network sites, including LinkedIn, MySpace, VK.com and Tumblr, were exposed online.
The best way to protect yourself is to change your passwords for Dropbox and other online accounts, especially if you are using the same password for multiple websites, and to use a good password manager to create and manage complex passwords for different sites.
However, Dropbox has already emailed all affected users and completed a password reset process for anyone who had not updated their password since mid-2012, ensuring that hackers cannot access your Dropbox accounts even if they crack leaked passwords.