Dropbox released a statement warning users that 68 million account credentials were compromised during a data breach dating back to 2012. Dropbox has emailed all users believed to be affected by the breach and initiated a password reset for those users who have not changed their passwords in the past four years. If you do not receive a prompt from Dropbox asking you to change your password, you should still take this opportunity to choose a new password.
If you receive an email from Dropbox asking you to reset your password, do not click the links in the email. Instead, open a new web browser window and navigate to the Dropbox homepage to reset your password there. Hackers often base phishing campaigns on well-publicized hacks such as this.
If you are currently using your 2012 Dropbox password on other sites, you should change those passwords as soon as possible. Follow these tips for creating a strong password. Security researchers recommend that you do not use the same password for multiple accounts.
ITS also recommends that you install two-step verification for your Dropbox account. With two-step verification enabled, you will be required to enter a six-digit security code or a security key in addition to your password when you log into your account. Applying two-factor authentication to your Dropbox or other online accounts greatly increases the security of your information.