The hackers have already leaked about 400 accounts on reddit where they’ve posted links to files that contain usernames and passwords. The hackers have promised to release more accounts in return for Bitcoin donations.
On the other hand, Dropbox issued the following statement to The Next Web telling them that there hasn’t been any security breach at their end. They believe that the passwords were stolen from third party services that were used to access Dropbox accounts.
Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.
You should get the “Please change your password†message as you can see above if Dropbox has proactively expired your password.
If you use Dropbox, then it is strongly recommended to change the password, and enable two-step verification. If you need help then check our post on how to enable two-step verification for your Dropbox account:
Dropbox also has published a new blog post to clarify that accounts weren’t hacked, and the usernames and passwords that were published on Pastebin were stolen from unrelated services, not Dropbox:
Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.
[via The Next Web]
