This article is about the release of account info for about 68 million DropBox users. The breach occurred in 2012 but now, 4 years later, the raw passwords are being released on the web. There are a few things I find interesting about the article. First, it mentions that what allowed the breach to take place back in 2012 was that one of its employees passwords was obtained by hackers. It is safe to assume that the hackers used a form of social engineering to obtain this password. What I also found interesting were the encryption methods used to encrypt the actual passwords- the SHA-1 algortihm and the Bcrypt hashing function. The SHA-1 hashing algorithm, it appears, is all but extinct as the time and effort it takes to break this encryption method have grown much smaller. What I think is most interesting here is that, in 2012, SHA-1 was a respectable encryption method. The use of Bcrypt enforced the hashing of the passwords but hackers were still able to spend four years breaking the encryption. It becomes very clear from this example that, once data is obtained by hackers, all bets are off. The means by which data is encrypted today is sure to become extinct in years to come. I think the biggest takeaway here is that strengthening perimeter defenses-making it extremely difficult for hackers to gain entrance to systems at all-is the most important aspect of cyber defense.
Article: http://thehackernews.com/2016/08/dropbox-data-breach.html