Dropbox denies hack, says old logins were scraped from third-party services

By

Photo: Dropbox
Photo: Dropbox

Update: A Dropbox spokesperson has confirmed that its service has not been hacked and that the exposed logins were mostly expired and harvested from third-party services. More information below.

An anonymous party has allegedly hacked 6,937,081 Dropbox accounts and gained access to email addresses and passwords in plain text. Hundreds of account emails and passwords have been posted online as proof, with whoever is responsible claiming that more will be shared after receiving Bitcoin donations.

“Dropbox has not been hacked,” said a spokesperson in a statement to Cult of Mac. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Dropbox says it’s unclear which third-party services were compromised.

We’re still advising all Dropbox users to immediately change their passwords and enable two-step verification, as some online commenters have noticed suspicious activity like their files being deleted.

Source: Pastebin
Via: Reddit

Deals of the Day

  • Chris Weaver

    Yeah, odd there’s a bug that files are disappearing and now this… hmm.

  • Dutchman

    Of course! – when it comes to the world of information privacy the most important thing is who is to blame, not ‘can we ever fix this problem?’ Who cares, as long as people keeping buying every product cycle…