Dropbox denies hack, says old logins were scraped from third-party services


Photo: Dropbox
Photo: Dropbox

Update: A Dropbox spokesperson has confirmed that its service has not been hacked and that the exposed logins were mostly expired and harvested from third-party services. More information below.

An anonymous party has allegedly hacked 6,937,081 Dropbox accounts and gained access to email addresses and passwords in plain text. Hundreds of account emails and passwords have been posted online as proof, with whoever is responsible claiming that more will be shared after receiving Bitcoin donations.

“Dropbox has not been hacked,” said a spokesperson in a statement to Cult of Mac. “These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well.”

Dropbox says it’s unclear which third-party services were compromised.

We’re still advising all Dropbox users to immediately change their passwords and enable two-step verification, as some online commenters have noticed suspicious activity like their files being deleted.

Source: Pastebin
Via: Reddit


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.