Dropbox not hacked but change your passwords anyway

Lewis Leong

Last night, an anonymous hacker claimed to have a database of over seven million Dropbox usernames and passwords. He or she leaked the first four hundred credentials online to prove the info was legitimate and began asking for donations to leak more.

Dropbox quickly responded, stating the leaked password database was not obtained from the company’s servers. Dropbox had not been hacked. Instead, the usernames and passwords were obtained from various other password dumps from separate attacks.

Here’s the company’s official statement:

“Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.”

Dropbox also verified that many of the passwords in the dump were already expired, but reset user accounts just in case.

It’s unclear where this database of passwords and usernames originated, but it’s likely the hacker is sensationalizing the attack to solicit money from the internet black market.

If there’s anything to take away from this story, it’s that hackers are becoming increasingly aggressive. They’re collecting as much user data as possible to sell on the black market, whether or not the information is actually useful.

Snapchat also faced a security scare this week. While Snapchat wasn’t hacked, users who signed up for unauthorized Snapchat apps that saved their friends’ photos and videos allowed hackers to leak over 200,000 photos and videos.

It bears repeating that you should never use the same password on multiple sites. Always use a password manager to generate passwords for each site you use.

Dropbox also supports two-factor authentication, which requires a randomized code that is either sent to you via SMS or generated by an authenticator app. If you don’t have this feature enabled, enable it now. Check out my guide on how to enable it.

While Dropbox may not have been compromised, you should still change your password just in case.

For more about protecting yourself online, read my guide on how to protect your online identity and why you should care.

Source and image credit: Dropbox
