Dropbox has warned customers to update their passwords, while claiming at the same time that it hasn't been hacked.
The email from the cloud storage company is aimed at those who haven't updated their password since mid-2012 or earlier, explaining that they will be forced to do so next time they try to sign in.
Dropbox was keen to emphasise that the measure is "purely preventative" and that there is no evidence that the site has been compromised in any way.
However, Dropbox was hacked in the middle of 2012 and that's maybe why it's targeting specific customers, although the hack was disclosed and widely reported at the time.
The support page explained: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in."
This information isn't in the rather perfunctory email, which is as vague as possible presumably to avoid scaring the horses.
Dropbox offers two-step verification and works with FIDO standard security keys, but even customers using these services are being asked to change just in case.
Users of 4chan and Reddit claimed in 2014 to have stumbled across a list of seven million Dropbox passwords, but the company strenuously denied that these were from a hack, and indeed from its customers' accounts at all.
Dropbox, meanwhile, is strongly considering a public share offering in 2017 as the firm looks to follow its bigger rival Box.
Just spent a year working on them? Too bad, Intel's lost interest
Sony factory in Wales now making 100,000 Raspberry Pis every week
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear