In the language of black hat hackers (bad hackers), being pwned means having your defenses breached or your data taken. The excellent online service haveibeenpwned.com tracks major security breaches around the world and alerts users if their data has been pwned and released online.

The bad news for many of us is that in a July 2012 attack, Dropbox had account details for 68 million users stolen from their systems. This haul, which includes email addresses and passwords, has just recently become public, a fact I discovered when haveibeenpwned.com alerted me to the presence of my data within the data set. On the plus side, the passwords were hashed and salted, but half were only protected with SHA-1, which is not nearly as strong as the bcrypt protection on the other half: so, many will not be cracked and available in plain text.

At this point, if you use Dropbox, and have been a user since before July 2012, I would suggest you reset your password.

If you used the same password from Dropbox on other sites, I would recommend you change those passwords too, especially if you have used it for your primary email account, which hackers will target as a way to get to many of your other accounts.

Although this might seem alarming, please don’t panic. These things do happen from time to time, and as long as you respond appropriately, you can keep your data, identity and systems safe.

Remember, having strong, private passwords is all part of being a good digital citizen.

Please let me know if you have any questions.