Dropbox

In mid 2012 the cloud storage provider Dropbox suffered a major security breach when a database containing user credentials was compromised. The incident originated from a password reuse attack on a Dropbox employee account which allowed unauthorized access to a project management tool containing a user database. The breach exposed over 68 million accounts including email addresses and salted password hashes. Approximately half of the passwords were protected with SHA1 while the other half utilized the more secure bcrypt algorithm. Although the theft occurred in 2012 the full extent of the data was not publicly verified until August 2016 when the database began circulating on the darknet leading to a mandatory password reset for all affected users who had not changed their credentials since the incident.