User details of over 68 million Dropbox accounts are now available online to help researchers examine a breach that took place in 2012. Anyone can now download the email addresses and hashed passwords for a total of the 68,680,741 accounts that were breached.
"I have assisted to keep this breach public for those who are struggling to find a reliable source for research," says Thomas White, also known as The Cthulhu who uploaded the full dump on his website.
In the past, White has dumped data from other big breaches as well as emails and files from affairs site Ashley Madison, Myspace user accounts and more.
Users of the service were taken aback in August this year, when Dropbox declared that the 2012 data breach allowed attackers to steal over 68 million usernames along with hashed and salted passwords. The company issued an urgent security update that prompted users to update their accounts.
"If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list," the company had warned then.
Since then, the company has maintained that 32 million of the stolen Dropbox account passwords were protected with advanced and powerful hashing function bcrypt which means hackers cannot obtain actual passwords of the users. The company also says that it has not observed any malicious activity on the hacked accounts recently.