It’s up to DropBox, an archive of nearly 7 million Dropbox login credentials has been published on PasteBin. A guest account post on Pastebin four different documents, all claiming to be part of “the massive hack of 7,000,000 accounts”. The author also anticipated that there are “More to come” if punters “keep showing your support” by making Bitcoin payments to the author.
Other sources report that the data leak apparently surfaced on this Reddit thread, where some Reddit users who have tested the credentials have confirmed that many of them still work. Reading the comments it seems that Dropbox in response to the data leakage has reset all the accounts listed in the Pastebin.
Unfortunately for the mysterious hacker, most of the 400 credentials posted as proof of the hack were no more valid, meantime Dropbox denies its systems were hacked and sustains that data have a different origin.
“Dropbox has not been hacked,” the company told the outlet. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.
“We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.” states Anton Mityagin in an official announcement from the company. “Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”
According to the DropBox, a subsequent list of credentials has been disclosed online, but checks made by the company confirms that the new wave of username and password are not associated with Dropbox accounts.
DropBox anyway urges its customers to enable 2 step verification for the authentication of their accounts.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.