Dropbox has warned customers to update their passwords, while claiming at the same time that it hasn't been hacked.
The email from the cloud storage company is aimed at those who haven't updated their password since mid-2012 or earlier, explaining that they will be forced to do so next time they try to sign in.
Dropbox was keen to emphasise that the measure is "purely preventative" and that there is no evidence that the site has been compromised in any way.
However, Dropbox was hacked in the middle of 2012 and that's maybe why it's targeting specific customers, although the hack was disclosed and widely reported at the time.
The support page explained: "Our security teams are always watching out for new threats to our users. As part of these ongoing efforts, we learned about an old set of Dropbox user credentials (email addresses plus hashed and salted passwords) that we believe were obtained in 2012. Our analysis suggests that the credentials relate to an incident we disclosed around that time.
"Based on our threat monitoring and the way we secure passwords, we don't believe that any accounts have been improperly accessed. Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it the next time they sign in."
This information isn't in the rather perfunctory email, which is as vague as possible presumably to avoid scaring the horses.
Dropbox offers two-step verification and works with FIDO standard security keys, but even customers using these services are being asked to change just in case.
Users of 4chan and Reddit claimed in 2014 to have stumbled across a list of seven million Dropbox passwords, but the company strenuously denied that these were from a hack, and indeed from its customers' accounts at all.
Dropbox, meanwhile, is strongly considering a public share offering in 2017 as the firm looks to follow its bigger rival Box.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance