Cloud storage service Dropbox is requiring that any users who signed up for Dropbox before mid-2012 and have not changed their passwords since to change them upon logging in next time, the company wrote in a blog post. Though Dropbox says they have not spotted any illicit activity, they now have decided to be cautious after some user credentials were obtained back in 2012:
Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe was obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time. Based on our threat monitoring and the way we secure passwords, we don’t believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in.