2024: Dropbox's 2012 credentials resurface in the 'Mother of All Breaches'
January 2024
In January 2024 a 26-billion-record compilation dubbed the 'Mother of All Breaches' surfaced online — and the 68 million credentials stolen from Dropbox in 2012 were among the datasets bundled into it.
What happened
In January 2024, security researchers reported the discovery of an enormous aggregated dataset — roughly 12 terabytes containing about 26 billion records compiled from thousands of past breaches — which they nicknamed the 'Mother of All Breaches' (MOAB). Most of it was repackaged from known incidents, but consolidating it into a single searchable trove meaningfully lowered the effort for attackers to mount credential-stuffing and targeted phishing at scale.
Among the datasets folded into MOAB were the roughly 68 million Dropbox user credentials stolen in the 2012 breach, alongside records from LinkedIn, Adobe, Twitter, and many others. For Dropbox specifically, MOAB is a vivid demonstration of a breach's 'long tail': credentials taken in 2012, not fully disclosed until 2016, and force-reset that year, were still circulating and being re-weaponized twelve years later in 2024.
The entry is included because it shows that a breach's consequences do not end with disclosure or a password reset. Anyone who reused their pre-2012 Dropbox password elsewhere — and never changed it — remained exposed as those credentials kept resurfacing, now bundled with billions of others for easy abuse.
Impact
MOAB underscores why the 2012 Dropbox breach still matters: stolen credentials are effectively permanent, and aggregation makes them more dangerous over time, not less. It reinforces the case for unique passwords and 2FA, and it is a concrete reminder that a provider's 'we reset the passwords' response does not undo the lasting exposure of the underlying theft.