Dropbox Wasn’t Hacked but Leaked Credentials Are Real

/ 3 years ago


There hasn’t been any shortage on high-profile hacks lately. First there was the celebrity iCloud situation and just last week the we were hit with the Snapchat photo hack. This time it’s Dropbox that is being targeted. An anonymous user posting on pastebin claims to have over 7 million Dropbox usernames and passwords. He posted the first 400 credentials with the announcement and said he would release more upon receiving Bitcoin donations.

Dropbox has issued a public statement on their blog about the issue, stating that the credentials are in fact were real, but that their security wasn’t breached and they weren’t hacked either. This is rather a compilation of usernames and passwords from other services that were compromised. The users simply had used the same combination for their Dropbox account as well as many other services.

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

There have been a couple more posts on pastebin since the original post with supposedly more credentials. These however seem to be fake and posted by pranksters instead. Dropbox added in their statements that the majority of the leaked credentials had been discovered prior and the passwords have already been reset.

SEE ALSO:  IMGUR Reveals Passwords and E-Mails Were Stolen in 2014 Hack

It didn’t take long after the news was out before I had the first messages in my inbox about it. People asking if it was true, what to do and how to check if they were affected. The usual good advice goes here as so many other places. Don’t use the same password for multiple services, change it regularly from a secure device, enable two-way authentication and keep your security software updated.

Thank you Dropbox for providing us with these information

Image courtesy of Dropbox

Topics: , , , , ,


One Response to “Dropbox Wasn’t Hacked but Leaked Credentials Are Real”
  1. Wayne says:

    Things are slowing down. One high profile hack a week is not gonna cut it in the news. Either the hackers are taking a well earned break or some high profile companies are taking their security slightly more seriously and dropping a buck or two on it.

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!