Updated 8:30pm Pacific with Dropbox’s response.
Hundreds of alleged usernames and passwords for Dropbox have been published on Pastebin, an anonymous information-sharing site.
The apparent hackers claim to have nabbed 6,937,081 passwords and today published a “teaser” of 400 username-password pairs. They requested donations in Bitcoin and promised to release more passwords based on how much of the virtual currency they receive. The usernames appeared in alphabetical order starting with email@example.com and ending with firstname.lastname@example.org.
Dropbox, however, says the hack is bogus. The company offered VentureBeat this response to our inquiry:
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
Subsequently, two more “teasers” appeared on Pastebin.
A Reddit thread first mentioned the apparent leak about three hours ago. The Reddit user who first submitted the link later said that usernames and passwords in the file actually did work.
Dropbox posted a warning against phishing scams on October 9.
While this hack may not be legitimate, and even though Dropbox says it expired most of these passwords long ago, the fact that someone on Reddit is claiming that the passwords do work is cause for concern.
It’s probably a good idea to change your password just to be safe — especially if you use the same password on multiple sites — and enable two-factor authentication, which Dropbox now supports.
Via The Next Web
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more