Wait, how many accounts were affected by a 2012on Dropbox? About 68 million, according to multiple reports.
Back in 2012, Dropbox disclosed that a hacker had accessed its internal systems and accessed a list of user . It didn’t say the list included passwords.
Now Motherboard security expert Troy Hunt and online leak-tracker LeakedSource have each reported they reviewed stockpiles of account information from Dropbox. The account information includes emails as well as passwords, which are encrypted.
Dropbox head of trust Patrick Heim confirmed in a statement that the usernames andwere from mid-2012. The company said all customers who haven’t updated their passwords since that time period have been required to change their passwords.
“We can confirm that the scope of the password reset we completed last week did protect all impacted users,” Heim said.
Heim also reminded users that they should think about whether they reused their passwords in other accounts.
“While Dropbox accounts are protected, affected users who may have reused their on other sites should take steps to protect themselves on those sites,” Heim said in a statement.
This article originally appeared on CNET.com.