7 Million Hacked Dropbox Passwords up for Sale
Only yesterday we confirmed that a Dropbox glitch had wiped large amounts of data from its cloud-based storage service. Today Dropbox finds itself having to deny it has been compromised as hackers leak hundreds of passwords online, promising to release almost 7 million more if they’re paid in Bitcoin for the information.
However, Dropbox has denied it has been hacked, saying the passwords were stolen from third-party services, meaning they are most likely not even passwords for Dropbox, unless of course you use the same password for everything…
An entry on Pastebin, posted on October 13, shows a list of 400 email addresses and matching plaintext passwords, claimed to be part of a large-scale Dropbox hack. The login details for the 400 email addresses, each one starting with the letter B, have been labelled as a “first teaser…just to get things going”.
It is unclear how the account details were accessed and, indeed, whether or not they are actually legitimate. However, the hackers claim to have accessed details from 6,937,081 individual accounts and are threatening to release photos, videos and other files.
A Dropbox spokesperson had this to say:
“Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
Regardless of the validity of the hackers’ claims, it is probably worthwhile changing your password just to be on the safe side and turning on Dropbox two-factor authentication. It is accessed from the security settings page and takes a couple of minutes.
Dropbox issued a further statement today saying:
“The usernames and passwords…were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”