Dropbox reportedly hacked as usernames and passwords appear online

Scorpus

Staff member

Update: Dropbox claims that they were not, in fact, hacked, citing third-party sources for the list of compromised accounts. A subsequent list of usernames and passwords which was posted online has since been verified by the company to not be associated with Dropbox accounts.

Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.

Dropbox has been reportedly hacked, with the username and plain text password combinations of at least 400 users uploaded to Pastebin as a "teaser" for a larger release of information.

The total hack allegedly comprises the information of 6.9 million users, which is a small subset of Dropbox's 200+ million user base. Nevertheless, this hack is concerning for users of the service, who expect that their personal files including photos and videos are safe.

At this stage it's not clear who is responsible for the hack, or whether they do in fact have the account details of 6.9 million users. Some people have tested the information already published and can confirm it is genuine, however the release could be an elaborate scam to pry money from those with malicious intent.

Whoever released the current set of information is asking for Bitcoins to release more. Whether or not a further release will occur remains to be seen.

Regardless of whether the hack is real or a scam, to be on the safe side we advise that you log in to your Dropbox account, change your password immediately, and enable two-factor authentication.

Dropbox is already aware of this security breach, and is forcing password resets for all users who have their information exposed on Pastebin.


 
Thanks for the notice.

After reviewing the pastebins (there are currently three), it would appear that 1) the hacker is attempting to con people out of bitcoins and 2) a lot of people have garbage passwords.
 
Is this a new trend now? Always blame the third party developers for these security loopholes.

Clearly the API that they developed for third parties to integrate into the system is really secure then.

Yup. =|
 
It might be as they say, I have an account A on Dropbox and as dumb as I am (Yeah clearly I am... will get into that later) use the same password on service B Forum, it's so light on security that it got compromised and now they tried the same password on other popular services and voila! They managed to hack my Dropbox account.

I had something similar happen yesterday... I use a generic password on such services like forums, after all I won't care if my TechSpot account gets hacked, for example.

But the thing is, a friend sent me a trial invite into something, I used my generic password and ended up contracting the service, then it got hacked. The good news is I know now that I won't be using that password anymore without losing anything (Thankfully) and I'm insta-setting 2-step verification process wherever they offer it.
 