Around 7 million Dropbox usernames and passwords have been allegedly hacked and hundreds have been posted online on pastebin.
The message on the leak mentioned this:
***** DROPBOX HACKED *****
6,937,081 DROPBOX ACCOUNTS HACKED
PHOTOS – VIDEOS – OTHER FILES
MORE BITCOIN = MORE ACCOUNTS PUBLISHED ON PASTEBIN
As more BTC is donated , More pastebin pastes will appear
To find them, simply search for “DROPBOX HACKED” and you will see any additional pastes as they are published.
FIRST TEASER – 400 DROPBOX ACCOUNTS Just to get things going…
SEND BTC DONATIONS TO 1Fw7QqUgzbns7yWHH32UnmMxmMMwu6MC6h
COME BACK AND CHECK PASTEBIN FOR NEW DROPBOX DROPS
THE MORE BTC DONATED WILL REFLECT HOW MANY MORE LOGIN AND PASSWORDS
ARE RELEASED PUBLIC.
Dropbox, however, said in its blog that it is not to blame for the leaked passwords and that these were stolen from other, third party services:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.
Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Dropbox says it performed password resets when it detected ‘suspicious activity’ on these accounts a few months ago.
To be safe, please do change your Dropbox password and enable 2 Factor Authentication.