Hackers stole more than 60 million user account details from storage platform Dropbox, including passwords, in a security breach that was first revealed in 2012.

At the time, Dropbox said its system had been compromised when hackers managed to access a list of user email accounts, but did not say the breach extended to passwords.

In a story broken by technology publication Motherboard, the hack contained details for more than 68 million accounts. The password hack first came to light when the database was identified by security notification service Leakbase.

Dropbox last week ordered a password reset for those users that signed up to Dropbox before mid-2012, after discovering an old set of account details that it believed was obtained in 2012.

It had a reported 100 million customers at the time, meaning the hack could have affected two thirds of its entire user base, and did reset passwords, but did not reveal how many.

Following Motherboard’s report, the company updated its own statement to say that while “the list of email addresses with hashed and salted passwords is real”, it had no indication that Dropbox user accounts had been “improperly accessed”.

“Still, as one of many precautions, we’re requiring anyone who hasn’t changed their password since mid-2012 to update it next time they sign in,” said the company.