It was well known in 2012 that Dropbox suffered a data breach when its user names and passwords were compromised. But at the time, Dropbox did not admit the breadth of the compromise. Last week, they admitted that 68 million users’ credentials were actually compromised in the 2012 hacking.

Apparently, Dropbox became aware of the full extent of the compromise when the online publication Motherboard obtained the database and the compromised files were available online.

So basically, if Dropbox users have not changed their passwords since 2012, the files in Dropbox could be accessible by unauthorized individuals. Many companies use Dropbox for sensitive company information, deals, M&As, and intellectual property, much of which are the company’s jewels. If they have been shared using the Dropbox application, it should be assumed that they have been compromised.

Companies may wish to reconsider using Dropbox for company data, and individuals should reconsider using Dropbox for any sensitive data, and all users should change their passwords immediately.