Following mega-breaches at big-name brands including LinkedIn, Myspace and Yahoo, cloud storage firm Dropbox is the latest organisation to suffer a major security incident – with over 65 million user credentials reportedly leaked online by hackers.
On 31 July, prior to the full scope of the leak being made public, the Dropbox team issued an urgent security update that said the firm would be prompting users to update their accounts due to a password reuse incident that occurred in 2012.
However, anyone who fails to do so may still be at risk. So, how can you find out if your Dropbox credentials have been stolen and what can you do to bolster security on your current account? Luckily, there's a quick and easy answer.
Australian cybersecurity researcher and lecturer Troy Hunt has created a vital online service called 'Have I Been Pwned' that allows people to search massive databases of emails to check if they have been compromised by hackers. The Dropbox accounts have already been loaded in.
When you get to the homepage, simply enter your chosen email into the large search bar and hit enter. Then, the website will search through the one million-plus accounts and give you a quick response about whether you have been impacted.
At the time of writing, the website has gathered data on nearly 130 'pwned' websites – with its databases including hacked user accounts from high-profile leaks like Adobe, Ashley Madison, Tumblr, Sony and Hacking Team.
"[It's a] free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach," Hunt states on the website. "I wanted to keep it dead simple to use and entirely free so that it could be of maximum benefit to the community."
If you find your email address on the website, you should change your credentials immediately as they are potentially at risk. If the website in question offers two-factor or two-step authentication, activate it to add an extra layer of security.
Patrick Heim, head of trust and security at Dropbox, has offered some additional advice to concerned users following the 2012 incident.
"We strongly recommend you improve your online safety by setting a unique password for each website you use," he said. "We still encourage users to reset passwords on other services if they suspect they may have reused their Dropbox password."
"If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list."
Furthermore, Dropbox has added a new page that lets users examine all active login activity on their personal accounts. It will show all devices linked to the account, what country that device is in and the most recent login attempt. Users can utilise this to check for suspicious activity.