Account information for millions of Dropbox users is being leaked online, more than four years since the file sharing service suffered a major data breach.

Fox News reports that as many as 68 million accounts were compromised, with email addresses and password data now being shared on the web.

Dropbox told that even if the passwords were cracked, hackers wouldn’t be able to access those accounts because of a recent reset.

The cloud storage service says they reset passwords for users who signed up before mid-2012 and hadn’t bothered to change their passwords since.

Using the same password on multiple sites

The collateral damage from this data breach could be a more of a concern.

“The real risk for a breached user isn’t the site that leaked their user information,” said Rob Juncker, VP of Engineering at Ivanti. “It’s the fact that most users use the same credentials at multiple sites and hackers know this.”

Juncker, an expert in cybersecurity, says being lazy with your password exposes you and your company to the possibility of a full-on cyber onslaught.

“Having discrete credentials per site is a key aspect of securing yourself as a user,” said Juncker.

Users make common mistakes when it comes to generating passwords when creating new accounts.

Adding a number at the end

“Adding a number at the end of a password doesn’t qualify,” he said. “Realize that if all you did was add a number, or add one to an existing number on the site, you might as well have just left it the same.”

A lot of emphasis is placed on coming up with unique, hard-to-crack passwords; but Juncker says your usernames, and more importantly the email address you use when signing up, can be just as critical when it comes to protecting your sensitive information.

“With some sites like Facebook and Instagram, most users will trend towards their personal emails,” he said. “Corporate sites often are registered with corporate credentials.”

Using a work email address

Many users register for sites liked LinkedIn and Dropbox with email addresses linked to their employer’s domains. Juncker says this dangerous practice can open the door for hackers to access your businesses’ network.

“The problem this creates is your corporate security teams have no control over the password governance on these sites,” he said. “But it provides a link from a credential to a corporate network when you use a corporate email.”

Key takeaways

Juncker’s advice: stop using the same password, or a variation of, for everything, and think twice about using your work email address for online accounts. A little extra diligence can save you a lot of hassle when it comes to protecting your personal and proprietary information.

Are you guilty of any of these password blunders? Check out Ivanti solutions.

Layered security is the whole endpoint