Cloud storage website Dropbox has said there is no indication any of its users have been hacked following a data leak of more than 60 million account details.
The US firm said it has learned of a database of user email addresses and hashed, or encrypted, passwords it believes was obtained in a breach in 2012.
Technology website Motherboard said it had obtained some of the information through the database trading community and in total, the files contain 68,680,741 account details.
A spokesman for Dropbox, which has 500 million registered users worldwide, said: “We can confirm that based on our intelligence, the number we have seen is in the 60-plus million range.”
The firm added that it had completed a process of resetting passwords, including through a warning to users who signed up before mid-2012.
Dropbox head of trust and security Patrick Heim said: “This is not a new security incident, and there is no indication that Dropbox user accounts have been improperly accessed.
“Our analysis confirms that the credentials are user email addresses with hashed and salted passwords that were obtained prior to mid-2012.
“We can confirm that the scope of the password reset we completed last week did protect all impacted users.
“Even if these passwords are cracked, the password reset means they can’t be used to access Dropbox accounts. The reset only affects users who signed up for Dropbox prior to mid-2012 and hadn’t changed their password since.”
But Mr Heim warned that people who use the same password for other applications and websites should consider changing them as well.
He said: “While Dropbox accounts are protected, affected users who may have reused their password on other sites should take steps to protect themselves on those sites.
“The best way to do this is by updating these passwords, making them strong and unique, and enabling two-step verification. Individuals who received a notification from Dropbox should also be alert to spam or phishing.”
In 2014, the company was forced to deny that it had been hacked after an anonymous account posted what it claimed were the usernames and passwords of millions of the site’s users.
An anonymous post to website Pastebin, traditionally used to save text users would like to paste elsewhere later, contained a list of email log-ins and passwords the hacker claimed were linked to Dropbox accounts.
The post claimed that more than 6.9 million Dropbox accounts had been hacked, and that more would be posted if donations of digital currency Bitcoin were made.
The company’s spokesman added: “There is no connection between our actions to proactively reset users’ passwords last week and the claimed breach in 2014.”