Dropbox
January 1, 2012
68.7M
Confirmed
Hacking
Technology
A couple of weeks ago Dropbox hired some "outside experts" to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee's account was hacked, allowing access to user e-mail addresses. In an explanatory blog post, Dropbox today said a stolen password was "used to access an employee Dropbox account containing a project document with user email addresses." Hackers apparently started spamming those addresses, although there's no indication that user passwords were revealed as well.

Some Dropbox customer accounts were hacked too, but this was apparently an unrelated matter. "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts," the company said. Dropbox noted that users should set up different passwords for different sites.

The site is also increasing its own security measures. In a few weeks, Dropbox said it will start offering an optional two-factor authentication service. This could involve users logging in with a password as well as a temporary code sent to their phones.

That 2012 Dropbox hack that recently led to additional password resets? The 2012 hack reportedly affected 68,680,741 accounts. And maybe someone can explain why in 2016 we're all first finding out the scope of older breaches like this one and LinkedIn, Tumblr, and MySpace, to name just some. Were people not putting hacked data up for sale for years while they misused it? The breached companies often said there was no evidence of real misuse. So why were these data not on the black market and just collecting cyberdust until now?