Hundreds of Dropbox Passwords allegedly Leaked were publisehd online, but the company reassures its users confirming that its systems were not violated.
It’s up to DropBox, an archive of nearly 7 million Dropbox login credentials has been published on PasteBin. A guest account post on Pastebin four different documents, all claiming to be part of “the massive hack of 7,000,000 accounts”. The author also anticipated that there are “More to come” if punters “keep showing your support” by making Bitcoin payments to the author.
Other sources report that the data leak apparently surfaced on this Reddit thread, where some Reddit users who have tested the credentials have confirmed that many of them still work. Reading the comments it seems that Dropbox in response to the data leakage has reset all the accounts listed in the Pastebin.
Unfortunately for the mysterious hacker, most of the 400 credentials posted as proof of the hack were no more valid, meantime Dropbox denies its systems were hacked and sustains that data have a different origin.
“Dropbox has not been hacked,” the company told the outlet. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.
“We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.” states Anton Mityagin in an official announcement from the company. “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
According to the DropBox, a subsequent list of credentials has been disclosed online, but checks made by the company confirms that the new wave of username and password are not associated with Dropbox accounts.
DropBox anyway urges its customers to enable 2 step verification for the authentication of their accounts.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.