Dropbox is telling its long-time users that it’s time to reset passwords. The company hasn’t been hacked and it’s only doing this a precautionary step. Only users who haven’t changed their passwords since 2012 are being instructed to choose new ones.
In a blog post on its site, Dropbox is saying that it’ll start notifying long-term users to change their passwords. The move seems to be related to previously leaked credentials, that showed up online way back in 2012. Some of those usernames and passwords seem to have been used to try and access Dropbox accounts, but the company is adamant it was not hacked and that no accounts were accessed.
Back in 2012 a third party leaked a number of credentials that worked with Dropbox accounts. At the time the company reset passwords and notified affected the “small number of accounts” that were at risk. However, since then a number of high-profile breaches have made public millions of accounts, email addresses, and other user sensitive data from various sites. Though none of these breaches affected Dropbox directly, some of the credentials leaked were used by users on multiples sites.
That’s why Dropbox is recommending that you reset your password if you haven’t done so. The company is also recommending users take note of security best practices, like not reusing passwords, turning on two-factor authentication and using strong passphrases.
If you haven’t changed your Dropbox password in a good long while the service will notify you automatically. If you have, there’s nothing you need to do.