Online storage platform Dropbox is resetting user passwords that have not been changed since 2012, the company has announced. The move is a precautionary step rather than the result of a new security incident.
In a blog post outlining the move, Patrick Heim, head of trust & security, said any user that opened an account before the middle of 2012 and had not changed the password since then would be asked to do so next time they log in.
“We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed,”
the blog said.
All this stems from the problem of password reuse—where a user picks the same password for multiple websites or services. Back in 2012,
Dropbox revealed that a security breach at the company had occurred when a number of user accounts were accessed, using credentials stolen from another website, possibly
LinkedIn or even the
MySpace hack.
One of the accessed accounts belonged to a Dropbox employee, whose account contained a document that listed user email addresses. These email addresses were stolen and subsequently targeted by spam emails.
