Dropbox is Requesting Me to Change My Password

Craig Pollack | Aug 26, 2016

Topics: Cybersecurity

Dropbox email change

Dropbox recently sent an email requesting users to change their passwords.  Unfortunately, with spam and phishing concerns it may have gone unnoticed by the majority of the audience it was meant for. So, for you Dropbox users who may have missed it, here's a quick recap.

According to Dropbox, the reason they're requesting this change is due to a breach that happened back in 2012:

"Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time."

Here's the the page from the Dropbox Help Center, 

I’m being asked to create a new password on dropbox.com—why, and what should I do?

If you use Dropbox (or any cloud hosted site for that matter), it's a great practice to change your passwords on a recurring basis.  On top of that, and while you're at it, you should add another layer of protection by turning on Two Factor Authorization (2FPA).  

As always, we recommend that you do the following for all apps and services:

  • Avoid reusing the same passwords across multiple services
  • Create strong, unique passwords
  • Consider using a passphrase instead of a password
  • Only sign in to your account from secure devices and always sign out if accessing on a non-personal device
  • Enable two-factor authorization whenever possible

On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.

Cyber Security Report Card


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.