Returning to campus: Information, updates and vaccination requirements. Learn more.

Breached Dropbox Credentials

Threat Level: Low
Threat Type: External Account Breach
Advisory Date: 07/04/2019

Description

On Aug. 31, 2016, many University of Regina email addresses appeared in a public password leak from the 'Dropbox' website (dropbox.com). This means that a previously created a Dropbox account used a University of Regina email address. The Dropbox service has since been breached, and the account credentials used on this site as of 2012 have been released publicly.  There is no indication that Dropbox user accounts have been improperly accessed, but passwords should be reset as a preventative measure.

Resolution

If prompted by Dropbox, you need to choose a new and strong password for Dropbox. If you don’t receive a prompt from Dropbox, you don’t need to do anything. However, for any of you who’ve used your Dropbox password on other sites, we recommend you change it on Dropbox and other services. We also recommend that you enable two-step verification.

Although the breached site has already taken action by resetting Dropbox passwords, you are still at risk if you used the same or similar password for University of Regina accounts, online banking, or other accounts. If you did reuse passwords, it is recommended that you change your passwords as soon as possible.

As with any account credential, several precautions should be taken:
-Choose a totally unique password for each account, website, or service.
-Choose passwords to include a mix of letters, numbers, and symbols.
-Make your password long - the longer the better.
-Set up Two-Factor Authentication for all accounts which support it.

To change your University of Regina password, please visit: https://novapp.cc.uregina.ca/perl/chpass.pl .

For guidelines on creating strong passwords, please visit: http://www.uregina.ca/is/security/resources/resource-password.html .

Resources

For further resources on this password breach, please see: https://blogs.dropbox.com/dropbox/2016/08/resetting-passwords-to-keep-your-files-safe/.

To find if your account was among those included in the breach, you can search the addresses included in the breach at: https://haveibeenpwned.com. If your address is found in the Dropbox or any other breach, password changes are recommended.

Please note that the data included in this notification was acquired from an external source. The University of Regina makes no representations, guarantees, or warranties as to the accuracy, completeness, currency, or suitability of the information provided in this notification. The information is provided "as-is” for preventive and corrective purposes.

Please contact the University of Regina IT Support Centre if you have any questions or require assistance:

Webform http://www.uregina.ca/is/forms/ticket.html
Email IT.Support@uregina.ca
Phone 306-585-4685