Dropbox hacked, 7 million username & passwords released

On the heels of last week’s release of almost 100,000 stolen Snapchat pictures and videos comes a new revelation. The popular cloud storage service Dropbox was allegedly hacked, and almost 7 million usernames and passwords were released on the website Pastebin. Someone on reddit posted a series of links on Monday evening to files that allegedly contained the stolen usernames and passwords. Other redditors chimed in right after the links were posted, saying that they had been able to log in to some of the Dropbox accounts using the listed credentials. You can read the reddit thread here: http://www.reddit.com/r/sysadmin/comments/2j5xkw/has_dropbox_been_hacked_passwords_dumped_on/

Dropbox hacked, responds to the leak

The company released a statement on its blog denying that its services had been breached. This was in stark contrast to what was being said on reddit. Here is an excerpt from the Dropbox blog:

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.

Dropbox seems to have bulk reset all the accounts listed in the Pastebin postings, though passwords for other accounts do not appear to have been reset. The hackers claim that they will release more username/password pairs if they receive donations to their Bitcoin address.
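
The bulk reset described above, sketched as an added example (not Dropbox's code or process): a service checks a leaked `email:password` dump against its own salted hashes, separating accounts whose current password matches a leaked pair from accounts that are merely listed. The user store, dump lines and function names are constructed for illustration.

```python
import hashlib, hmac, os

def hash_password(password, salt, iterations=100_000):
    # Assumed storage scheme for this example: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed user store: the service only ever holds salt + hash.
USERS = {
    "alice@example.com": make_user("correct horse battery"),
    "bob@example.com": make_user("hunter2"),
    "carol@example.com": make_user("Tr0ub4dor&3"),
}

# Constructed dump in the email:password layout such pastes typically use.
DUMP = """\
bob@example.com:hunter2
carol@example.com:oldpassword
Bob@Example.com:hunter2
dave@example.com:letmein
malformed line
"""

def triage_dump(dump_text, users):
    """Classify each leaked pair against the service's own hashes."""
    result = {"confirmed_reuse": set(), "listed_only": set(), "unknown": set()}
    for line in dump_text.splitlines():
        email, sep, password = line.partition(":")  # passwords may contain ':'
        email = email.strip().lower()
        if not sep or not email:
            continue  # skip lines that are not email:password
        user = users.get(email)
        if user is None:
            result["unknown"].add(email)  # not a customer of this service
            continue
        candidate = hash_password(password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            result["confirmed_reuse"].add(email)  # leaked password works here
            result["listed_only"].discard(email)
        elif email not in result["confirmed_reuse"]:
            result["listed_only"].add(email)  # listed, but password differs
    return result

def accounts_to_reset(result):
    # Reset every listed account, as the article says Dropbox appears to have done.
    return sorted(result["confirmed_reuse"] | result["listed_only"])
```

Accounts in `confirmed_reuse` are the ones where a login with the leaked pair would have succeeded, so they also warrant a review of recent sessions and linked devices.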

How to protect your account

Below are two steps you can take to protect your Dropbox account from any malicious activity.

1. Reset your password
To change your password, log in to your Dropbox account, click on your name and choose “settings.” Then, click on the security tab.

2. Enable two-factor verification
You can also enable two-factor verification, which requires either a cellphone or an app. A code will be sent to the cellphone or app whenever you (or someone else) attempt to access the account from a new device. The option to enable two-factor verification is found in the security tab.

The security page will also show you all devices that have been linked to your account as well as which ones are currently logged in.

Time to change your passwords

If you have a Dropbox account, it is a good idea to change your password on any other website, app or service where you use the same username and password. As a rule of thumb, you always want to use a unique password for every site or app that you use. Below are some comments from redditors that explain the situation really well.

use different username and password for each site


Kenny Withers

I am a blogger, strategist and speaker who works with companies to optimize their online personal and company presence, brand, internet marketing and social media marketing. This blog covers topics related to Social Media, Digital Marketing, Blogging, Twitter, Facebook, YouTube, LinkedIn, Search Engine Optimization (SEO), Search Engine Marketing (SEM), Brand Marketing, and Content Marketing.

7 Responses

  1. Gordon Varney says:

    I always thought of Dropbox as a secure solution. This will make me think twice about what I put in the cloud.

  2. Kennith Poling says:

    This weblog contains remarkable and genuinely good data designed for visitors.

  3. Alaina Apfeloope says:

    Can I simply say what a comfort to discover somebody that truly understands what they are discussing over the internet. You actually know how to bring an issue to light and make it important. A lot more people ought to look at this and understand this side of the story. I can’t believe you’re not more popular given that you surely have the gift.

  4. Andy Tejeda says:

    You can be diligent about protecting your data, but once it’s on a cloud server it might not be safe.

  5. Carla Soukef says:

    Great site, I like it… greetings.

  6. Kristy Paxson says:

    You must make sure that you use the best service if you want your information to remain private.

  1. November 14, 2014

    Thanks for the valuable information.