Dropbox Exploit Confirmed: Are You Among The Victims ?

  • Saad Qureshi
  • Sep-01-2016

After the exploit of Opera Sync, the leading cloud storage company “Dropbox” has demanded around 100 million users to change their passwords immediately. The figure includes users that haven’t changed their passwords since 2012.

The request is an outcome of a major security breach that took place about four years ago when the business-oriented social networking site “Linked In” was exploited. The hacking incident impacted thousands of users, and a Dropbox employee was among the victims.

The compromised account contained sensitive information (usernames and passwords) of about 68m Dropbox subscribers; that had been stolen.

However, the exploit has come into light as independent security notification service has verified the stolen data “Have I been pwned”. The CEO of “Have I been pwned”, Troy Hunt has confirmed the legitimacy of the leaked data and suggested users to change their passwords while adopting two-factor authentication system. Interestingly, the breach has affected two-third of Dropbox’s overall users.


“There is no doubt whatsoever that the data breach contains legitimate Dropbox passwords, you simply can’t fabricate this sort of thing. Definitely still change your password if you’re in any doubt whatsoever and make sure you enable Dropbox’s two-step verification while you’re there if it’s not on already.”

CEO of “Have I been pwned”, Troy Hunt


Is The Exploit For Real?

A series of debate has ignited among Dropbox users, raising questions like is the hack for real? How can Dropbox not impose adequate encryption mechanism to safeguard users’ data? To kill the confusion, we at this moment affirm the exploit as a legitimate incident. And, the users can do little to protect themselves against the attack, especially by changing their passwords.

Moreover, if you’re curious to identify whether you’re among the breached users then read on to find out.

How to Identify If You’re Among The Victims?

To check if your account has been compromised by the breach follow these steps:

  • Launch the internet browser from your device
  • Access the official site Have I been pwned
  • Now, enter username that you selected to sign up for Dropbox
  • As soon as you hit enter, the site will notify if the breach has compromised your account

However, if you see the following message:

Dropbox Exploit.

Then, unfortunately, you’re among the 68 Million users who had been victimized by the exploit. We recommend you to change your Dropbox account password immediately along with all other accounts who share similar passwords. In addition to this, use the feature “Notify me when I get pwned” to get notified whenever a exploit occurs, compromising your account.

Saad Qureshi

Saad Qureshi


Saad Qureshi's Biography :

Saad is a privacy advocate by day and a Dota 2 player by night. He loves to share his knowledge, experience, and insights about internet freedom and online privacy. When he is not busy blogging about the latest trend in the tech world, he is engaged in killing noobs on Dota.