UPDATE 8/31: As many as 60 million accounts may have been compromised in the 2012 breach that prompted Dropbox to request that users change their password, Vice News reports this week. A spokesperson told Vice that Dropbox has seen no evidence of malicious access of these accounts.
If you've neglected to change your Dropbox password for some time, now is a good time to update.
Dropbox is requiring users to reset their passwords if they haven't done so since mid-2012. While you're at it, the company also recommends that you considertwo-factor authentication.
"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time," reads a blog post from Dropbox.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we're requiring anyone who hasn't changed their password since mid-2012 to update it the next time they sign in."