New Zealand domains caught up in global Dropbox cyber crime hack

Media reports say the email addresses and hashed passwords for more than 68 million Dropbox accounts are now free for download on the internet. Photo / File

The number of Kiwi domains caught up in a global data hack of popular US online file hosting service Dropbox has been estimated at 120,000, while the Government warns that one in five New Zealanders were affected by cybercrime last year - figures that are on the rise.

Media reports say the email addresses and hashed passwords for more than 68 million Dropbox accounts are now free for download on the internet.

Cloud storage firm Dropbox has confirmed that credentials were compromised in 2012 when actors used stolen employee login details to access a database containing the email addresses, passwords and other details of users.

Credential details associated with the accounts were then available for purchase on the so-called 'Darknet'.

Now, the New Zealand National Cyber Security Centre (NCSC) has published information on the extent of the breach in New Zealand.

It believes that about 120,000 of the affected accounts are .nz domains.

However, the NCSC assesses the threat to New Zealand entities as being low.

"Since the 2012 breach, the affected accounts have had an enforced password change," a statement by NCSC says.

"Additionally due to the passwords being hashed and salted, it is very difficult for the passwords to be cracked."

While the risk is low, as with all passwords, the NCSC recommends using complex passwords, two-factor authentication where possible, consider using a password manager tool, and making sure that devices and/or accounts are secured with different passwords.

It comes as Spark said last month that 130,000 customer email addresses may have been compromised in Yahoo's massive 2014 data breach.

Yahoo said computer hackers swiped personal information from at least 500 million accounts in what is believed to be the biggest digital break-in at an email provider.

Communications Minister Amy Adams yesterday said that businesses need to up their game after a survey found fewer than one in five people were given advice on cyber security by their workplace.

The Government-commissioned Colmar Brunton survey found two in 10 people had been victim to a cyber crime such as a virus, online scam, hacking, or ransomware lockdown and seven in ten had experienced an issue such as spam or a phishing email.

While awareness of the risk from suspicious emails was high at 91 per cent, 41 per cent said they did not know what steps they should be taking to address the risks.

The online survey of 1000 respondents showed only 17 per cent had been given any advice or training from their workplace.

Adams released the survey at the launch of Connect Smart Week, which was focusing on cyber security at work. She said cyber crime now had a global cost of $600 billion a year.

While three quarters said they took some steps to manage cyber security, that was down from 84 per cent in the same survey in 2014.

Fewer people were taking basic steps to reduce the risk compared to 2015.

Only 64 per cent said they installed or updated security software - down from 70 per cent last year. Another 63 per cent said they changed passwords regularly, down from 68 per cent, and 56 per cent said they checked their social media privacy settings - down from 60 per cent.

Last year, an estimated 856,000 New Zealanders were victim to online crime at a cost of $257 million.

The Government's cyber crime strategy was launched in December and included the establishment of a "computer emergency response team" for organisations needing help, more cyber crime offences in the law, and a "tick" scheme to identify businesses with good cyber security practices.

&bul; The NCSC encourages anyone to contact them at any time if they require any further assistance or advice. NSCS can be contacted by email via incidents@ncsc.govt.nz or by phone on: 04 498 7654.

www.ncsc.govt.nz