Dropbox Wasn’t Hacked but Leaked Credentials Are Real
Bohs Hansen / 3 years ago
There hasn’t been any shortage on high-profile hacks lately. First there was the celebrity iCloud situation and just last week the we were hit with the Snapchat photo hack. This time it’s Dropbox that is being targeted. An anonymous user posting on pastebin claims to have over 7 million Dropbox usernames and passwords. He posted the first 400 credentials with the announcement and said he would release more upon receiving Bitcoin donations.
Dropbox has issued a public statement on their blog about the issue, stating that the credentials are in fact were real, but that their security wasn’t breached and they weren’t hacked either. This is rather a compilation of usernames and passwords from other services that were compromised. The users simply had used the same combination for their Dropbox account as well as many other services.
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
There have been a couple more posts on pastebin since the original post with supposedly more credentials. These however seem to be fake and posted by pranksters instead. Dropbox added in their statements that the majority of the leaked credentials had been discovered prior and the passwords have already been reset.
It didn’t take long after the news was out before I had the first messages in my inbox about it. People asking if it was true, what to do and how to check if they were affected. The usual good advice goes here as so many other places. Don’t use the same password for multiple services, change it regularly from a secure device, enable two-way authentication and keep your security software updated.
Thank you Dropbox for providing us with these information
Image courtesy of Dropbox