Update: A Dropbox spokesperson has confirmed that its service has not been hacked and that the exposed logins were mostly expired and harvested from third-party services. More information below.
An anonymous party has allegedly hacked 6,937,081 Dropbox accounts and gained access to email addresses and passwords in plain text. Hundreds of account emails and passwords have been posted online as proof, with whoever is responsible claiming that more will be shared after receiving Bitcoin donations.
“Dropbox has not been hacked,” said a spokesperson in a statement to Cult of Mac. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”
Dropbox says it’s unclear which third-party services were compromised.
We’re still advising all Dropbox users to immediately change their passwords and enable two-step verification, as some online commenters have noticed suspicious activity like their files being deleted.