Dropbox denies security leak after ‘hacked’ passwords appear online

Oct 15, 2014 | Regulation

Dropbox has denied reports that hackers broke into its computer systems and stole almost seven million usernames and passwords, claiming that the data leaked online is not associated with Dropbox accounts. This week it emerged that over 400 alleged usernames and passwords for online document-sharing site Dropbox had been published on anonymous information-sharing website Pastebin. […]

Dropbox has denied reports that hackers broke into its computer systems and stole almost seven million usernames and passwords, claiming that the data leaked online is not associated with Dropbox accounts.


dropbox%20hack%20not.jpg
This week it emerged that over 400 alleged usernames and passwords for online document-sharing site Dropbox had been published on anonymous information-sharing website Pastebin.
The anonymous user claimed to have hacked 6,937,081 Dropbox accounts, and was offering to publish more user details in exchange for Bitcoin donations.
This leak has since been followed up with a couple more pastes (of around a hundred account credentials apiece).
In an update to a blog post about the attack Dropbox notes: “A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.”
As with the Snapchat hack, Dropbox has pointed the finger of blame for the 400 compromised accounts elsewhere — at “unrelated” third party services — stressing that its own security has not been compromised.
In a post on the company Blog – unequivocally entitled ‘Dropbox wasn’t hacked‘ — Dropbox’s Anton Mityagin writes:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommendenabling 2 step verification on your account.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted
The news comes after US whistleblower Edward Snowden warned that people who care about their privacy should stay away from popular consumer internet services like Dropbox.
Speaking via video link as part of the New Yorker Festival last weekend, he said that people who say they have nothing to hide are “inverting the model of responsibility for how rights work”.
“When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it’,” he said.
“The way rights work is, the government has to justify its intrusion into your rights.”
Read the Dropbox blog here