1011+ breaches tracked — check free
EmaiLeaked
travel_explore Email checker lock Password checker database Recent breaches menu_book Data breach guide article Blog group About
search Check my email now
Privacy Terms Contact Editorial standards Disclaimer

Dropbox

High

Data breach — July 2012

In 2012, a stolen employee password was used to access an internal Dropbox document containing user email addresses, which attackers then used for spam campaigns. The full scope was not revealed until 2016, when it became clear that 68.7 million email addresses and hashed passwords had been exposed in the same incident.

68.6M
Records exposed
2012
Year
2
Data types
Free
To check
Check if you were affected — free

Quick answer — was Dropbox breached?

Yes. Dropbox was breached in July 2012, exposing 68,648,009 records including email addresses, passwords. This breach has been independently verified. If your email was involved, your data may still be at risk today. Check if you were affected.

What happened in the Dropbox data breach?

In 2012, a stolen employee password was used to access an internal Dropbox document containing user email addresses, which attackers then used for spam campaigns. The full scope was not revealed until 2016, when it became clear that 68.7 million email addresses and hashed passwords had been exposed in the same incident.

Passwords stored at the time of the breach were hashed with bcrypt for newer accounts and SHA-1 for older ones. While bcrypt resists bulk cracking, the SHA-1 hashes were more vulnerable. Dropbox forced password resets for all accounts that had not updated their credentials since mid-2012.

The Dropbox breach originated through password reuse — the attacker used credentials stolen from a separate breach to access an employee's Dropbox account, making it a direct demonstration of how a breach at one service can cascade into an attack on another. Learn more about what a data breach means for you.

Why was the Dropbox breach so dangerous?

Passwords stored at the time of the breach were hashed with bcrypt for newer accounts and SHA-1 for older ones. While bcrypt resists bulk cracking, the SHA-1 hashes were more vulnerable. Dropbox forced password resets for all accounts that had not updated their credentials since mid-2012.

Don't wait to find out — check if your email was exposed in this breach.

What data was stolen in the Dropbox breach?

Email addresses Passwords

Email addresses — used for phishing attacks and credential stuffing against your other accounts

Passwords — can be used to access your accounts directly or cracked to reveal your actual password

Timeline of the Dropbox breach

Mid-2012

An attacker uses a Dropbox employee's credentials — reused from a separate breach at another service — to log in to the employee's Dropbox account and access an internal project document containing customer email addresses

July 2012

Dropbox customers begin reporting unsolicited spam to the email addresses they registered with Dropbox — the first public evidence that email data was accessed

August 2012

Dropbox publicly acknowledges the breach, attributing the spam to access via the employee account; the company believes at this point that only email addresses were accessed

August 2016

A database of 68.7 million email addresses and hashed passwords from the 2012 incident appears for sale on the dark web; the full scope of the original breach is confirmed for the first time

August 2016

Dropbox forces password resets for all accounts where credentials had not been updated since mid-2012

Is the Dropbox breach still dangerous in 2026?

Yes. Stolen data from the Dropbox breach remains dangerous years after the incident. Attackers routinely compile data from multiple breaches to build complete profiles, and credentials from 2012 are still actively used in automated attacks today.

Personal information like email addresses, phone numbers, and dates of birth does not expire. Even if you changed your Dropbox password, the other exposed data can be combined with information from other breaches to target you. Learn how long stolen data stays dangerous.

What to do if your email was in the Dropbox breach

1

Change your Dropbox password immediately

Log into Dropbox and change your password to something strong and unique — one you have never used anywhere else.

2

Change any account sharing that password

If you reused this password elsewhere, change it on every affected account. Attackers test stolen credentials against hundreds of popular sites within hours.

3

Enable two-factor authentication

Turn on 2FA on Dropbox and every important account. Even if your password is known, attackers cannot access the account without the second factor.

4

Check your other accounts for this breach

Run a full email scan to see every breach your address appears in — not just this one.

Check all my breaches — free

Frequently asked about the Dropbox breach

How did the Dropbox breach happen?
The attacker did not break Dropbox's own security directly. Instead, they used a Dropbox employee's credentials that had been stolen from a separate, unrelated breach at another service — the employee had reused the same password. This gave the attacker access to an internal Dropbox document containing customer email addresses, and from there to the broader credential database.
Were my actual files and documents in Dropbox exposed?
No. The breach affected only login credentials — email addresses and hashed passwords. The stored files and folders in Dropbox accounts were not accessed as part of this incident. The primary risk was account takeover through cracked or reused passwords, not file theft.
Why did Dropbox not know the full scope until 2016?
In 2012, Dropbox's investigation concluded that only email addresses had been accessed — the larger database exfiltration was not detected at the time. The full picture emerged in August 2016 when the credential database appeared for sale online, four years after the original incident. This delayed discovery is common with credential breaches that are traded privately for years before becoming publicly visible.
What does the Dropbox breach show about password reuse?
The Dropbox breach did not start with an attack on Dropbox — it started with a password that had already been stolen from somewhere else. The attacker simply tried the same credentials on a different target. Using the same password across multiple services means a breach at any one of them can unlock all the others. The Dropbox incident is a clear case study in why password uniqueness matters as much as password strength.

How this breach page is reviewed

Breach pages are built from structured breach records and reviewed for practical risk guidance by EmailLeaked. Risk labels reflect exposed data types and are intended to help readers prioritise action.

Editorial standards Report a correction

Sources

Dropbox 2012 breach — official disclosure

Last reviewed: 2026-05-01

Other major breaches

S
Synthient Credential Stuffing Threat Data 2.0B records · 2025
C
Collection #1 772.9M records · 2019
O
Onliner Spambot 711.5M records · 2017

Was your email in this breach?

Check if your email appeared in the Dropbox breach and 1010+ other known breaches — free, instant, no signup.

Check my email — free

No signup · Under 2 seconds · Never stored

Was my email hacked?

Check if your email is compromised in seconds. Free, private, no signup. Scan millions of breach records across 1011+ known breaches.

Check my email now — it's free

No signup required · Results in under 5 seconds · Your data is never stored