In keeping with this morning’s discussion of hacks, The Guardian reports that nearly two-thirds of Dropbox users had their passwords and email addresses stolen in a security breach. The hack actually occurred in 2012, but at the time, Dropbox thought only email addresses had been stolen. But now it seems that passwords were part of the cyber heist. Dropbox discovered the extent of the data dump while “conducting routine security work.” Then VICE’s Motherboard jumped on sharing some of the details.

In 2012, Dropbox had 100 million subscribers, and 68 million of them had their passwords stolen. The cloud storage company was slightly more forthcoming about the security-lapse revelation than Apple was about that jailbreaking malware that was making the rounds last week—it at least sent out notifications to all users who hadn’t changed their passwords since 2012. Patrick Heim, Dropbox’s head of trust and security, told the Telegraph that “this not a new security incident, and there is no indication that Dropbox user accounts have been improperly accessed.” Still, if you have an account and missed last week’s alert, now would probably be a good time to change your password.