Cloud storage company Dropbox confirmed today the scope of a 2012 breach was bigger than previously known and could include as many as 69 million accounts, according to one report.
The company reset passwords for all affected users — people who signed up for the service before mid-2012 and haven't changed their password since, said Patrick Heim, head of trust and security at Dropbox, in a statement to NBC News.
Vice's Motherboard first reported the breach encompassed nearly 69 million accounts.
“This is not a new security incident, and there is no indication that Dropbox user accounts have been improperly accessed," Heim said.
"We can confirm that the scope of the password reset we completed last week did protect all impacted users. Even if these passwords are cracked, the password reset means they can’t be used to access Dropbox accounts," he added.
The company said it has not detected any malicious access to the affected accounts.
While the password reset should leave users protected on Dropbox, the company warned people who may have used the same credentials on other sites to change their passwords.
The breach comes as data apparently taken from LinkedIn, Myspace and other companies has appeared on the Dark Web for sale. According to Motherboard, the Dropbox data doesn't appear to be listed on any of the major sites.