Dropbox has announced that it will be requiring some users to change their passwords, but says that no accounts have been compromised.
If you signed up for Dropbox prior to mid-2012 and haven’t changed your password since, you’ll be prompted to update it the next time you sign in. We’re doing this purely as a preventive measure, and there is no indication that your account has been improperly accessed. We’re sorry for the inconvenience.
The company explains that the move is related to passwords obtained from other websites back in 2012. The company has discovered a list of usernames and encrypted passwords that it believes was obtained then.
It says there is no evidence that anyone managed to decrypt the passwords, and that it doesn’t believe any accounts were accessed. The move, says Dropbox, is purely precautionary.
If you are not promoted to change your password, then no action is required. If you are prompted, you should of course use a unique, strong password.
The news underlines the importance of never using the same login details for multiple sites: the first thing hackers do when they obtain login credentials from any site is to try them on others.