7 million Dropbox users may have been compromised

Hackers have allegedly obtained 7 million sets of user credentials for Dropbox accounts. While the credentials shared appear to be genuine, Dropbox has issued a statement claiming they have not been hacked: "these usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts".

It is possible that the credentials were obtained through past hacks of other services, and happened to correlate with users' Dropbox accounts.

The hackers responsible have been slowly releasing "teasers" on text sharing site Pastebin, and are asking for Bitcoin donations. They claim that they will upload more passwords as donations are received. Approximately 600 passwords have been shared so far, with emails all beginning with 'B'.

CyberShack advises Dropbox users to change their passwords and enable two-factor authentication. Users should also change the password on any account sharing an email address with their Dropbox, and may want to look into using a password manager.

Leave a Reply