The Silver Lining In Your Cloud TM

What the 2012 Dropbox Data Breach Really Means

Data breaches consistently make the headlines—so much so that public reaction to new data breaches is becoming almost blasé. Yet, data breaches remain a top concern for businesses, as the costs of a major data breach can be crippling.

With so many new data breaches to study, why should you be concerned about the Dropbox data breach from 2012?

While the Dropbox breach is an old one, it provides some valuable lessons about keeping data secure, and just how one data breach can impact businesses both directly and indirectly.

The Dangers of Repeating Passwords

According to reports by theguardian.com, “the original breach appears to be the result of the reuse of a password a Dropbox employee had previously used on LinkedIn, the professional social network that suffered a breach that revealed the password and allowed the hackers to enter Dropbox’s corporate network.”

In other words, Dropbox’s data breach was caused by a breach at a completely different, unrelated organization. The single shared password gave hackers a convenient doorway into Dropbox’s system so they could do damage.

Thankfully, Dropbox used strong encryption for their password storage—complete with random "salt" characters added to artificially lengthen each stored password, which further frustrates attempts to recover the originals. However, this brings us to the next issue with the 2012 Dropbox hack…

Encryption Isn’t Perfect as a Protection

Despite Dropbox’s encryption of its user passwords, the emails and passwords of roughly 68 million user accounts were leaked onto the internet recently.

As noted in the previously-mentioned Guardian article: “the independent security researcher and operator of the Have I been pwned? data leak database, Troy Hunt, verified the data discovering both his account details and that of his wife.”

The fact that the database of leaked passwords only came to light four years after the initial attack seems to indicate that it took the hackers a while to decrypt the password database. However, this merely slowed the full effects of the attack rather than stopping them cold.

Lessons Learned

So, what lessons can be learned from the Dropbox data breach?

  1. The Security of Other Companies Can Impact Your Business
  2. Each User Account On Your Network Should Have a Unique Name and Password
  3. Passwords Should Be Changed Regularly
  4. No Single Security Layer is Enough—Even Encryption
  5. Breaches Can Have Far-Reaching Consequences That Last for Years

Hackers are incredibly persistent and resourceful. They know users' bad habit of reusing the same login credentials across their different personal and professional accounts.

So, by testing the stolen LinkedIn credentials against the organizations those LinkedIn users worked for (information their LinkedIn profiles helpfully listed alongside their job titles), hackers knew they would eventually be able to breach other organizations.

By enforcing stronger security measures, such as multi-factor authentication, regular password changes, and training employees not to use the same login credentials for multiple accounts, breaches such as the 2012 Dropbox breach can be prevented.
