If you are a Dropbox customer, you may have received an email from the company informing you that it reset the password of the Dropbox account.
The email offers little information about the why, only that it is a reaction of a security incident that took place in mid-2012.
What this means is that user accounts are only affected by this if they are at least this old.
We’re reaching out to let you know that if you haven’t updated your Dropbox password since mid-2012, you’ll be prompted to update it the next time you sign in. This is purely a preventative measure, and we’re sorry for the inconvenience.
To learn more about why we’re taking this precaution, please visit this page on our Help Center. If you have any questions, feel free to contact us at firstname.lastname@example.org.
Dropbox’s email contains a link to a FAQ help page that answers some of the questions. Probably the most important answers are what you need to do right now, and why the password was reset in first place.
Reason for the password reset
It appears that Dropbox got their hands on a dump file that lists Dropbox user credentials. According to the company, it contains Dropbox usernames (usually an email address), and salted passwords.
All Dropbox users who are on that list receive an email from Dropbox with the information posted above.
Dropbox considers this move a precaution, as it is not aware of any attacks against the accounts on that list, or unauthorized access to one or multiple of the Dropbox accounts on that list.
We are prompting a password update purely as a preventive measure. We have no indication your account was improperly accessed.
Affected users will be prompted to change their account password on the next sign in to Dropbox. This is only the case for users who have not changed their passwords since mid-2012. If you did, you are good.
What Dropbox wants you to do
Dropbox reset affected account passwords. This means that you will receive a prompt to create a new password on the first sign in to the service on dropbox.com.
You may initiate the “forgot your password” process instead if you prefer it that way. Simply enter your Dropbox email on the first page, click on the link in the email that you will receive, and enter a new password for the account.
Also, if you have two-factor authentication enabled, you need to confirm that second step of authorization to complete the process.
Note: If you used the email and password credentials on other sites, you may want to update passwords on those sites as well as attackers may try to sign in using the combination (if they are able to crack the password).
Also, two-factor authentication SMS codes are delayed currently, it appears.
Now you: Did you receive an email from Dropbox?