Dropbox recently discovered a massive data breach resulting in 68 million compromised username and password credentials, further endangering the company’s reputation on cybersecurity. But due to the manner in which Dropbox handled the situation, the company has received praise by industry experts. While Dropbox disclosed the breach in 2012, it was not until recently that the breach notification service, Leakbase, found the number of compromised records to be an estimated 68 million. Dropbox did confirm that the number is accurate, but there is no evidence that the compromised information has been used to login to any Dropbox accounts. Not only were the majority of passwords encrypted, Drobox also “confirmed that the proactive password reset [it] completed last week covered all potentially impacted users,” explained Patrick Heim, head of trust and security at Dropbox.
Dropbox disclosed the 2012 breach soon after it was discovered but some cybersecurity experts believe swift action should have been taken sooner. Nonetheless, specific data from the Dropbox dump has yet to appear on major dark web marketplaces, suggesting that Dropbox’s encrypting methods were successful. One hacker told that the value of stolen credentials greatly diminishes once the passwords are appropriately secured. While the breach was certainly a headache for the company, the results would have been immensely disastrous had Dropbox not had a sound data breach response plan in place. Their ability to respond timely and appropriately proves how important these plans are.