Emerging Threats

Dropbox has verified that 68 million user credentials have been exposed

Authored by a Symantec employee


Dropbox has announced via their blog that 68 million user email addresses with hashed and salted passwords have been exposed. Dropbox has verified that the information is indeed legitimate. As a result, they have proactively completed a password reset for anyone who hadn’t updated their password since mid-2012. They’re contacting account owners via email and the next time they login, they will be prompted to update their passwords.

Don’t wait until a threat strikes.

Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.

Enjoy peace of mind on every device you use with Norton Security Premium.

No Credit Card Required

The credentials that have been affected were from a data breach the company suffered in 2012.

So if you have signed up for a Dropbox prior to mid-2012 you may be affected.

The Best Defense Against Data Breaches Is Diligence and Proactive Protection

While data breaches aren’t easily preventable on your part, there are actions that you can take in the event of a data breach to help yourself stay protected. If you feel that you have been impacted in this data breach, here are a few steps you can take to protect yourself further:

  • Single, complex passwords can be difficult to remember, let alone multiple ones. A good amount of users tend to use the same password across multiple sites. As a result, data obtained from one website breach will be used across other websites, in hopes of email and password reuse, granting the criminal access to additional accounts. If you do this practice, change your passwords on any sites that use the same email and password combination immediately. Be sure that each password is unique to each site.
  • Enable two-step verification. Even if a website or app has strong security controls, your online accounts can become vulnerable to attack if you reuse passwords or have weak passwords. That’s why Dropbox and Norton strongly recommend turning on two-step verification for Dropbox and other sites that support it.
  • Since passwords are a bit tricky to manage, Norton can help. You can learn more about safe passwords and password managers and keep them secure via Norton’s Identity Safe for free.
  • If you're unsure if you have been affected by this breach, or any other data breach, you can sign up for, which will notify you by email if any of your usernames and emails have been exposed in a data breach.

Even if you haven’t been affected by this particular incident, the aforementioned tips are also a great way to get proactive about your own cyber protection. Think of it like insurance- you don’t wait for something to happen and then get insurance, you already have it in place just in case.

Isn't it time to upgrade your security?

Upgrading to new devices and software can often mean downgrading your privacy and security. It’s time to take your security seriously. Download the full version of Norton Security Deluxe free for 30 days, and test-drive it on up to 5 of your devices – PCs, Macs, smartphones or tablets.

Create an account today and be up and running in minutes.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.