An anonymous hacker is claiming to have hacked about 7 million Dropbox accounts pointing towards a major security breach with the file hosting service provider. The Next Web was the first to have noticed the leak on a Reddit thread containing links to Pastebin files.
About 400 username and password pairs, all beginning with the letter B, have been posted in plain text as “first teaser…just to get things going” on Pastebin at 4:10 p.m. CDT on October 13, 2014. The leaks came with a note on top saying, “Here is another batch of Hacked Dropbox accounts from the massive hack of 7,000,000 accounts. To see plenty more, just search on [redacted] for the term Dropbox hack. More to come, keep showing your support.”
The perpetrator has promised to update more such combination of username and password if paid through Bitcoin. “More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear”, posted the hacker. The hacker has also threaten to release photos, videos and other files of the 6,937,081 Dropbox accounts that he has access to.
However, Dropbox has denied of any such event. A company spokesperson told The Next Web, “Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts.” Provider of the file sharing service said they had detected the attacks earlier and pointed out that most of the passwords leaked were expired for quite time now.
Yet Dropbox is forcing users with compromised accounts to reset their password as reported NextWeb. It makes sense to change password even if the claim is not true as it is always good to be safe than sorry.
Dropbox has further issued a statement on their blog insisting, “The usernames and passwords…were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.